Participant

RPC traffic on port 135 getting blocked on Checkpoint firewall intermittently.

RPC traffic on port 135 getting blocked on Checkpoint firewall intermittently. Getting error “Blocked MS-RPC non compliant version”.

Participant

We noticed this issue today. The server has been unable to connect to the domain controller for the last 3 days.

After changing the inspection configuration for non-compliant MS-RPC to accept, we now see one packet allowed and one packet denied with the same error.

Leader

@ACEGYRA 

Did you recently create the new service "TCP_135" and use it in your policy?

It's better to use the default "ALL_DCE_RPC" service for Microsoft connections on port tcp/135.

Follow "DCE-RPC traffic is dropped on High Ports"; I think this should help.

Wolfgang

Participant

Will the use of a DCE/RPC service stop SecureXL's?
Employee++

Consider the rule placement per sk32578 

Champion

Use of a DCE/RPC service in a rule will stop SecureXL Accept templating but not affect whether or how the traffic can be accelerated.  So try to place the rule permitting DCE/RPC as far down as possible in your rule base.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Participant

Error: Blocked MS-RPC non compliant version
We followed SK66605 in order to resolve the issue.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Edited the $FWDIR/lib/table.def file, changing

fw_dcerpc_map_ports = { <135> };
to
fw_dcerpc_map_ports = { };

>>> We disabled the extra rule which was used for the pre-defined service DCERPC.

>>> After that we pushed the policy; traffic started to work and we were able to join the domain.