Hello guys,

Last week I opened a thread in order to verify that my assumption regarding RPC traffic and the related firewall configuration is/was correct. Now I tried to implement the related rule(s) and saw, that the portmapper traffic is getting dropped via the cleanup rule. I am trying to achieve a NFS communication between a client and an AIX (Oracle/Sun) machine. The related document that explains the general procedure and required rules does not help me in this case.

The Security Gateway runs Gaia R76.50, the management server runs R80.10.

I tried the following things:

1.

Client ==> Server  ~ via Service "nfsprog" (predefined with program number 100003)

2.

Client ==> Server  ~ via Service "nfsprog"

Server ==> Client ~ via Service "nfsprog"

3.

Client ==> Server  ~ via Service ALL_DCE_RPC (predefined with the interface UUID of "any"... 00000000-000 etc.)

Server ==> Client ~ via Service ALL_DCE_RPC

In each case the only thing I can see are drops for UDP 111. Related to several documentations you should not allow the port mapper port on its own (not specifiy UDP 111 in the related rules within the service column). Only without manually specifying the port the Security Gateway is able to dynamically allow the port mapper traffic related to the specified RPC services - that's why I did not specify it within the services for the related rules.

Now my question is - why do I see drops for the port mapper port?

Do I need to tell the firewall which port mapper port is being used - how can I do that?

Are there any SKs or other documentations that I am missing?

Thank you very much in advance for any advice regarding this issue.