DCE-RPC traffic is dropped on High Ports
Symptoms
  • SmartView Tracker logs show that DCE-RPC traffic on High Ports is dropped, although a rule with the ALL_DCE_RPC service exists.

    Dropped traffic:

    • DCE-RPC
    • WMI
    • SCCM
Cause

Possible reasons:

  • The DCE-RPC traffic is matched by a rule that allows traffic on TCP port 135 and is located above the rule with the "ALL_DCE_RPC" service.

  • The RPC initiator (traffic on TCP port 135) must pass through the Security Gateway on the "ALL_DCE_RPC" service, so that the session's "real" traffic on the higher port will pass.
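
The rule-order condition described under Cause, as an added example (a simplified first-match model in Python, not Check Point code and not part of the original article). The rule names, the `tcp/135` label and port 49664 are constructed; the model's assumption that the high port passes only when TCP port 135 was accepted on the "ALL_DCE_RPC" rule is taken from the second bullet above.

```python
from dataclasses import dataclass

DCE_RPC = "ALL_DCE_RPC"  # service name from the article
EPM = "tcp/135"          # constructed label for a plain TCP port 135 service


@dataclass(frozen=True)
class Rule:
    name: str
    service: str
    action: str = "accept"


def rule_for_port_135(rules):
    """First rule, top down, that matches the TCP port 135 connection."""
    return next((r for r in rules if r.service in (DCE_RPC, EPM)), None)


def shadowing_rules(rules):
    """Names of rules above the ALL_DCE_RPC rule that already match TCP port 135."""
    names = []
    for r in rules:
        if r.service == DCE_RPC:
            return names
        if r.service == EPM:
            names.append(r.name)
    return []  # no ALL_DCE_RPC rule in the rule base: nothing to shadow


def high_port_verdict(rules, port):
    """Model assumption: the high port passes only if TCP port 135 was accepted
    on the ALL_DCE_RPC rule, or if a rule names that port explicitly."""
    first = rule_for_port_135(rules)
    if first and first.service == DCE_RPC and first.action == "accept":
        return "accept"
    explicit = next((r for r in rules if r.service == f"tcp/{port}"), None)
    return explicit.action if explicit else "drop"


# Constructed rule bases; rule names and port 49664 are sample values.
SHADOWED = [Rule("mgmt-135", EPM), Rule("rpc", DCE_RPC), Rule("cleanup", "other", "drop")]
REORDERED = [Rule("rpc", DCE_RPC), Rule("mgmt-135", EPM), Rule("cleanup", "other", "drop")]

if __name__ == "__main__":
    for label, rule_base in (("shadowed", SHADOWED), ("reordered", REORDERED)):
        print(label, shadowing_rules(rule_base), high_port_verdict(rule_base, 49664))
```
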

Solution