Guest
Archived from groups: comp.security.firewalls
Hi,
I'm hoping someone can help me with my problem.
I have recently upgraded our 2000 DCs to 2003 and as a result our
member server in our DMZ has now stopped talking to our DCs.
Now this was fine before the upgrade (2000 Domain)... We have a
Check Point firewall which has SmartDefense which is basically blocking
the RPC traffic as it is trying to open up random ports to talk back to
the member server (Don't know what has changed with 2003 as the firewall
has stayed the same).
If I disable the SmartDefense all is OK.
I have tried the fixes from Microsoft to limit the RPC port to one port
but in turn this stopped the domain working correctly internally and as
I have over thirty servers as well this did not seem a good idea.
(There was another fix where I can range the ports but I suspect the
firewall will treat these as dynamic anyway and deny as well...)
I am basically asking if there have been changes to the RPC calls
between 2000 and 2003??
Any help would be appreciated, I'm baffled, and the Check Point support
is not much good, seeing as the software should distinguish that it is a
MS RPC call and allow but it doesn't!!
Cheers
Col