Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Prime
Contributor

RPC traffic on port 135 getting blocked on Checkpoint firewall intermittently.

RPC traffic on port 135 getting blocked on Checkpoint firewall intermittently. Getting error “Blocked MS-RPC non compliant version”.

M3.jpg

0 Kudos
6 Replies
Prime
Contributor

We noticed this issue today. Server is unable to connect to the domain controller from last 3 days.

After changing the inspection configuration for Non compliant MS RPC to accept, we now see one packet allowed and one packet denied with same error.

 R80.10sccm error.PNG

0 Kudos
Wolfgang
Mentor
Mentor

@Prime 

did you create recently the new service „TCP_135“ and used them in your policy?

It‘s better to use the default „ALL_DCE_RPC“-service for Microsoft connections on port tcp/135.

Follow DCE-RPC traffic is dropped on High Ports , I think this should help.

Wolfgang

0 Kudos
Prime
Contributor

Will the use of a DCE/RPC service will stop SecureXL's ?
0 Kudos
Chris_Atkinson
Employee
Employee

Consider the rule placement per sk32578 

Timothy_Hall
Champion
Champion

Use of a DCE/RPC service in a rule will stop SecureXL Accept templating but not affect whether or how the traffic can be accelerated.  So try to place the rule permitting DCE/RPC as far down as possible in your rule base.

Watch My 2023 CPX360 Speech Titled "Max Power
Reloaded: R81+ Gateway Performance Innovations"
0 Kudos
Prime
Contributor

Error:-Blocked MS-RPC non compliant version
we followed SK66605 file in order to resolve the issue.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Edited the $FWDIR/lib/table.def file



fw_dcerpc_map_ports = { <135> };
to
fw_dcerpc_map_ports = { };



>>>We disabled the extra rule which was used for per-defined service DCERPC.

>>>Post that pushed the policy, Traffic started to work and able to join the domain.
0 Kudos