Firewall-1

Re: [FW-1] SecureClient - Outlook and Exchange

Subject: Re: [FW-1] SecureClient - Outlook and Exchange
From: Craig Paterson <CraigPaterson AT HALIFAX.CO DOT UK>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 10 Mar 2004 13:18:59 -0000
You could try and use the dce-rpc entries under services; these contain entries
for Exchange and go on UUID instead of port number.



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Brett,
Gary
Sent: 10 March 2004 13:05
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecureClient - Outlook and Exchange


Thanks NA, so what you're saying is, the tcp 1053 and tcp 1068 that I keep
getting are RANDOM ports and will inevitably change at some point to other
random ports? If that's the case then I am shocked that Microsoft have
designed it like this, and they wonder why their mail products are subject
to so much hacking!



-----Original Message-----
From: Not Available [mailto:not_112 AT HOTMAIL DOT COM]
Sent: 10 March 2004 12:52
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecureClient - Outlook and Exchange


Well, try sniffing the traffic between client (Outlook) and server
(Exchange) and you will discover in horror what RPC is.
There are two main "flavors" of RPC: the UNIX (named RPC) and the Windows
(DCE-RPC). The basic idea is the same: use a fixed port (111/UDP and 111/TCP
for UNIX, 135/TCP for Windows) to negotiate a random, high port on which
to perform the true data connection.
Yes, RANDOM port. Checkpoint somehow handles RPC and DCE-RPC, but I have
NEVER been able to set it up reliably. In those cases, I'd rather stick to
"any".

For the naming resolution of services, Checkpoint uses its internal database
as well as the /etc/services file.

Hope this helps

    NA


----- Original Message -----
From: "Brett, Gary" <garybrett AT HALIFAXCETELEM DOT COM>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Wednesday, March 10, 2004 12:56 PM
Subject: [FW-1] SecureClient - Outlook and Exchange


> Hi there
>
> I am attempting to get Outlook 2000 clients connecting to an Exchange 5.5
> server over SecureClient (NG FP3). If I create an outbound `Desktop Policy`
> rule that says - -
>
> This_user@Any ---> Exchange_box_internal_address  - Service=Any
>
> ...then everything works, no problem at all. But I have been asked to get
> rid of rules with "Any" in the service column and lock it down to the
> required tcp/udp ports/services only.
>
> Has anybody configured this to work already? If so, which ports do I need to
> keep open to get this working? So far I have
>
> tcp 135
> tcp 1053
> tcp 1068
>
> Can anyone think of any more that Outlook potentially might want to use?
>
> PS: Why, when TCP-135 appears in the log, it resolves to the name "epmap"
> but when I look in the services listing in NG there is no "epmap" or in fact no
> service at all for TCP-135? I'm very confused by this. I want to add the
> service to a rule but it doesn't exist, but it does! If you see what I
> mean. Would I have to create the service and call it something else?
>
> any help would be greatly appreciated
>
> Cheers
> Gary
> This electronic message contains information from Halifax Cetelem Credit Ltd
> which may be privileged or confidential. The information is intended to be
> for the use of the individual(s) or entity named above. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information is prohibited. If you have received
> this electronic message in error, please notify us by telephone or email (to
> the numbers or address above) immediately.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

--

------------------------------------------------------------------------------
Halifax plc, Registered in England No. 2367076.  Registered Office: Trinity 
Road, Halifax, West Yorkshire HX1 2RG. Regulated by the Financial Services 
Authority.  Represents only the Halifax Financial Services Marketing Group for 
the purposes of advising on and selling life assurance, pensions and collective 
investment scheme business.  Switchboard 01422 333333.
==============================================================================
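
What a filter that "goes on uuid instead of port number" has to read, as an added example that is not part of the original thread and is not Check Point's implementation: every DCE-RPC connection opens with a bind PDU naming the interface UUID, so the interface can be recognised whether the connection landed on 135 or on a dynamic port such as 1053 or 1068. The two interface UUIDs come from Microsoft's protocol documentation, the allow-list and function names are hypothetical, and the bind PDUs are constructed sample input.

```python
import struct
import uuid

# Interface UUIDs from Microsoft's protocol documentation (not from the thread).
EPM = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")     # endpoint mapper, 135/TCP
EMSMDB = uuid.UUID("a4f1db00-ca47-1067-b31f-00dd010662da")  # Exchange MAPI store
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")     # NDR transfer syntax
ALLOWED = {EPM, EMSMDB}  # hypothetical allow-list for this rule

def build_bind(if_uuid, major):
    """Constructed sample input: a minimal little-endian bind PDU, one context."""
    ctx = struct.pack("<HBx", 0, 1) + if_uuid.bytes_le + struct.pack("<I", major)
    ctx += NDR.bytes_le + struct.pack("<I", 2)
    body = struct.pack("<HHI", 5840, 5840, 0) + struct.pack("<Bxxx", 1) + ctx
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 11, 0x03, b"\x10\x00\x00\x00",
                      16 + len(body), 0, 1)
    return hdr + body

def bind_interfaces(pdu):
    """Return [(interface UUID, major version)] for each context in a bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != 11:  # rpc_vers 5, PTYPE 11 = bind
        raise ValueError("not a DCE/RPC v5 bind PDU")
    le = bool(pdu[4] & 0x10)           # data representation: integer byte order
    e = "<" if le else ">"
    (frag_len,) = struct.unpack_from(e + "H", pdu, 8)
    if frag_len > len(pdu):
        raise ValueError("truncated fragment")
    off, out = 28, []                  # context list follows n_context_elem at 24
    for _ in range(pdu[24]):
        if off + 24 > frag_len:
            raise ValueError("context list runs past fragment")
        raw = pdu[off + 4:off + 20]    # abstract syntax: if_uuid
        (version,) = struct.unpack_from(e + "I", pdu, off + 20)
        iface = uuid.UUID(bytes_le=raw) if le else uuid.UUID(bytes=raw)
        out.append((iface, version & 0xFFFF))
        off += 24 + 20 * pdu[off + 2]  # skip n_transfer_syn transfer syntaxes
    return out

def rule_decision(pdu, allowed=ALLOWED):
    """Accept only when every interface the client binds to is allow-listed."""
    try:
        ifaces = bind_interfaces(pdu)
    except ValueError:
        return "drop"
    return "accept" if ifaces and all(u in allowed for u, _ in ifaces) else "drop"

if __name__ == "__main__":
    for name, u, v in (("epmap", EPM, 3), ("emsmdb", EMSMDB, 0)):
        print(name, bind_interfaces(build_bind(u, v)), rule_decision(build_bind(u, v)))
```

The decision depends only on the interface named in the bind, so the rule keeps working when the server hands out a different dynamic port after a restart.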
