AnsweredAssumed Answered

Implementing rules for RPC traffic

Question asked by Maik Dummer on Jul 26, 2018
Latest reply on Jul 31, 2018 by Dameon Welch Abernathy

Hello guys,

 

I have a small question regarding the implementation for RPC traffic. Until a few weeks ago I barerly dealed with this topic. But now I need to make a configuration to allow some Oracle/Sun servers to get accessed via RPC.

 

I would summarize the general function of RPC like this:

 

- the client initiates a connection to the destination via a standard tcp handshake via a portmapper, TCP 111 for Oracle based systems/services and TCP port 135 for Micrsoft based systems/services.

- with the forth packet the client requests the uuid of the specific application from the server

- the port mapper answers with the related service as well as an acknowledgement and the connection is initialized

- now client is able to communicate to the related server process and receive the necessary information. It's also possible for the client to receive further information via the port mapper.

...

- after all the necessary data has been exchanged the connection is brought down via the the standard fin/ack procedure

 

Now my questions are:

 

- Is my assumption to this point correct?

- Do I just need to allow the port mapper port as well as the related RPC service (with its UUID) in order to bring up a RPC connection via a firewall?

- What exactly is the security gateway doing with the uuid information? What does the uuid mean for it - is it just a pointer where the gateway should look within the port mapper communication?

 

(I know that SecureXL is being disabled from the point where a RPC rule is implemented in my rulebase.)

 

Thank you in advance for possible answers and hints!

I'd also really appreciate it, if you should have any further RPC (and firewall, as a combination) related information besides answers to my questions.

 

Best regards,

Maik

Outcomes