We have domain controllers that live in different data centers that are having issues performing replication of the SYSVOL and NETLOGON shares. This replication is done via RPC. I have a rule to allow traffic between the domain controllers using the ALL_DCE_RPC service object. TCP/135 is being allowed, but the subsequent high-port traffic for this replication is being dropped. Other RPC traffic between the domain controllers is being allowed by this rule.
Above this rule, I created a new rule for traffic between the domain controllers, but in this rule I used the application object "DCE-RPC Protocol". Replication then succeeded, and the RPC traffic is allowed by this rule (Application Names are listed as "MS-DFS-R" and "DCE-RPC Protocol" in the logs).
Anyone else see this behavior for replication traffic?
What are the pros/cons to using the application object "DCE-RPC Protocol" instead of the service object "ALL_DCE_RPC"?
Relevant information: gateways are running R80.40 with JHFA Take 180.