Firewall-1

[FW-1] AW: [FW-1] AW: [FW-1] drops on rule 995 for port 135?

Subject: [FW-1] AW: [FW-1] AW: [FW-1] drops on rule 995 for port 135?
From: "Steinecke, Sven" <Sven.Steinecke AT STANDARDLIFE DOT DE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 21 Apr 2005 09:56:40 +0200
Hello Chris,
I had the same problem with rule 998. The problem here is the SmartDefense
feature. When there is no subscription you can have these problems.
I fixed it with the following changes.

In the absence of a SmartDefense Subscription the $FWDIR/lib/dcerpc.def file
must be modified to allow port 135.


PROCEDURE:
1) On the SmartCenter Server stop the firewall services by typing at prompt:
cpstop 
2) Perform a backup of the $FWDIR/lib/dcerpc.def file.
3) Edit the dcerpc.def file.

CAUTION: 
Windows GUI editors (Notepad or Wordpad) add carriage return / line feeds at
the end of text. When editing the xxxx.def on Windows machines, use edit.com
from a DOS command prompt.

Original
/* ALLOW_135 is used to open port
 * 135 for uuids other than
 * dcerpc portmapper.
 */
#ifndef ALLOW_135
#define ALLOW_135 0
#endif


Modified
/* ALLOW_135 is used to open port
 * 135 for uuids other than
 * dcerpc portmapper.
 */
#ifndef ALLOW_135
#define ALLOW_135 1
#endif


4) Save changes and close the dcerpc.def file.
5) Start the firewall services by typing at prompt: cpstart
6) Log into SmartDashboard and install the policy.

NOTE: Changes to .def files are relevant for a specific version/release and
not supported with other releases unless specifically noted. All changes to
.def files will be overwritten when upgrading to a new feature pack, service
pack, or new version.

In my environment it was a change for rule 998, but I think it works for rule
995 too.

Regards Sven
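The procedure above as an added shell example (not the list post's or Check Point's own code): it backs up a copy of dcerpc.def, flips ALLOW_135 to 1, and checks for the carriage returns the CAUTION warns about; it works on a constructed stand-in file in a temp directory and never touches $FWDIR or runs cpstop/cpstart.

```shell
#!/bin/sh
# Added example, not from the list post or Check Point: applies the
# dcerpc.def edit to a COPY of the file, with the backup step and a
# check for the CRLF problem the CAUTION warns about. Assumes POSIX sh
# with grep/sed/cp/printf/mktemp; never touches $FWDIR or runs cpstop.
set -eu

# Steps 2 and 3: back up the .def file, then flip ALLOW_135 from 0 to 1.
# Returns 1 (and changes nothing) if the define is not present.
set_allow_135() {
    def="$1"
    grep -q '^#define[[:space:]]*ALLOW_135[[:space:]]' "$def" || return 1
    cp -p "$def" "$def.bak"
    sed 's/^\(#define[[:space:]]*ALLOW_135\)[[:space:]]*[01][[:space:]]*$/\1 1/' \
        "$def" > "$def.new" && mv "$def.new" "$def"
}

# Print the current ALLOW_135 value so the edit can be verified before cpstart.
allow_135_value() {
    sed -n 's/^#define[[:space:]]*ALLOW_135[[:space:]]*\([01]\).*/\1/p' "$1"
}

# Succeeds only if the file has no carriage returns (the Notepad/Wordpad issue).
has_no_cr() {
    ! LC_ALL=C grep -q "$(printf '\r')" "$1"
}

# Constructed stand-in for the relevant part of dcerpc.def, in a temp dir.
DEF="$(mktemp -d)/dcerpc.def"
printf '%s\n' '/* ALLOW_135 is used to open port' ' * 135 for uuids other than' \
    ' * dcerpc portmapper.' ' */' '#ifndef ALLOW_135' \
    '#define ALLOW_135 0' '#endif' > "$DEF"

set_allow_135 "$DEF"
has_no_cr "$DEF" || echo "WARNING: CR bytes in $DEF, re-edit with a plain editor"
echo "ALLOW_135 is now $(allow_135_value "$DEF") (backup: $DEF.bak)"
```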

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Kuenzig, Michael
Sent: Thursday, 21 April 2005 09:17
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] AW: [FW-1] drops on rule 995 for port 135?


Try to allow the service tcp135 explicitly in one separate rule. I guess you
allow traffic between networks for the service any. Add the explicit rule
above the any rule.

Michael

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Covington, Chris
Sent: Thursday, 21 April 2005 01:27
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] drops on rule 995 for port 135?

Well sk25562 didn't make the 995 drops go away.  Does anyone know how to
allow these?


---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Covington, Chris
Sent: Wednesday, April 20, 2005 3:29 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] drops on rule 995 for port 135?

I found sk25562 and will reboot the firewall tonight...


---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Covington, Chris
Sent: Wednesday, April 20, 2005 2:51 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] drops on rule 995 for port 135?

Hi all,

I've been killing myself researching an Active Directory replication problem
and it turns out that FW-1 is the culprit:

Number:         7770
Date:           20Apr2005
Time:           13:43:18
Product:        VPN-1 & FireWall-1
Interface:      eth1
Origin:         fw1 (x.x.x.x)
Type:           Alert
Action:         Reject
Protocol:       tcp
Service:        135
Source:         zor (10.20.6.3)
Destination:    saturn.plusone.com (10.0.2.5)
Rule:           995
Source Port:    2853

Does anyone know how to allow this traffic to pass?  What is rule 995
anyway?

thanks
---
Chris Covington
IT
Plus One Health Management
75 Maiden Lane Suite 801
NY, NY 10038
646-312-6269
http://www.plusoneactive.com

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

