Hallo Arthur,
we had the same problem.
In R77.30 a rule exists with source, „ALL_DCE_RPC“ as service and a destination.
Everything was fine, dynamic high ports are allowed on request.
After upgrade to R80.10 the same traffic was blocked by the cleanup rule. Adding the high-ports range as service allows the packets. A long debug session with Check Points support solved the issue.
All needed information comes from sk65676.
You need only a rule with „ALL_DCE_RPC“ as service, no other services. And you have to delete all other service definition for TCP/135. You have to delete this from the object database, even if it not used.
This is important and solved our problem. Step 2 in sk65676 describe this.
with this the service ALL_DCE_RPC works like expected and you don‘t need to open special high ports.
best regards
Wolfgang Becher