Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Rule 998: DCE-RPC Problems

from Ray [Permanent Link]
Subject: Re: [FW-1] Rule 998: DCE-RPC Problems
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 23 Jun 2004 08:57:54 -0400 
Hi Phillip,


- How can we turn this SmartDefense stuff off for the DCE-RPC????


It may not be a SmartDefense drop. We had several DCERPC problems after
changing from SecureClient R54 to R55 and had a case with Check Point &
Nokia. The gateway and SmartCenter were on R55 base already. Our problems
were related to using DCERPC via SecureClient (Outlook to Exchange) , but
that's the only way we allow that protocol through the gateway.


- Did we something wrong (see steps above or in the link)????


Probably not.


- Did anyone else experience similar problems???


Never used R54. Went from FP3 to R55.


- If we upgrade to R55 is it enought to upgrade the management server
or do we need to upgrade also all the nodes?????


That's a good question. According to the release notes, no, you don't need
to upgrade the gateways to get the DCERPC fixes. HFA03 for R55 fixed almost
all of of the issues we were having with DCERPC & SecureClient. Oddly, the
fixes didn't work until after we upgraded the gateway. We have a distributed
environment. Maybe it was because we were experiencing it with SecureClient.
Don't know...


Any help would be highly appreciated.


I don't know your setup, but if possible you should take the management
station to R55 & HFA06 and see what happens. You can still manage the R54
gateways with it. If that doesn't help, take the gateways to R55 & HFA06 as
well. The Check Point people we were working with indicated DCERPC handling
had an extensive overhaul in the later HFAs of R55.

FWIW,

Ray

_________________________________________________________________
MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood!
http://movies.msn.click-url.com/go/onm00200509ave/direct/01/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] NG FP3 Upgrade suggestions, Ray
Next by Date:  [FW-1] Rule 998: DCE-RPC Problems, Philipp Mueller
Previous by Thread:  [FW-1] Export external groups definitions, Emmanuel Bailleul
Next by Thread:  [FW-1] Rule 998: DCE-RPC Problems, Philipp Mueller
Indexes:  [Date] [Thread] [Top] [All Lists]