Adam Hudson

R80.10 Gateway: SecureXL + DCE RPC

Discussion created by Adam Hudson on Apr 4, 2018
Latest reply on Apr 5, 2018 by Adam Hudson

One of my clients recently migrated to R80.10 on brand new 5800s running in high availability.  These units replaced some older 12200 units running R77.30.

 

After the migration, strange issues with DCE RPC communication began to crop up.  The most visible was Outlook fat client running across Endpoint VPN trying to communicate with the Exchange servers.   After careful examination, I determined that sometimes the endpoint mapper attempt on port 135 would be permitted (via the special ALL_DCE_RPC service), but the response would be corrupted or possibly dropped (no log evidence other than the 135 connection allowed).  About 30% of the attempts would work just fine, the remainder would mysteriously fail.

 

I immediately started chasing IPS as a possible culprit, but could not find any logging evidence to blame it and exceptions had absolutely no effect on things.

 

After many hours of troubleshooting, I finally started looking at the acceleration layer.  Sure enough, disabling SecureXL caused this DCE RPC issue to disappear.

 

NOW, I am fully aware that SecureXL combined with DCE RPC communication will defeat acceleration templating; that has been discussed elsewhere and documented.  HOWEVER, even with that caveat, it should not disrupt, drop or interfere with the DCE RPC communication.

 

Has anyone come across this?  Is it a known bug?  Are there configuration items I need to visit in the acceleration layer or elsewhere that need to be dealt with?

 

These gateways are operating on R80.10 Take 70.

 

Adam
