Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device

from Matthew Odendaal [Permanent Link]
Subject: Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device
From: Matthew Odendaal <matthew AT ISA.CO DOT ZA>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 16 May 2007 17:02:24 +0200 
This question was asked in this mailing list a while back. The quickest 
workaround to this (although it does sacrifice the security of SmartDefense for 
DCOM connections) is to create an ordinary TCP service for port 135 and to use 
that in your rule instead of the DCE-RPC service that comes standard with FW-1

That should bypass the security checks for RPC on port 135.

Hope it helps.

Matt

 

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT 
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of pkc_mls
Sent: 16 May 2007 04:58 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device

John Lindblom a écrit :
> I'm putting together a Site-to-Site VPN between a NGX R65 gateway and an
> Edge device.  Everything is working good but I'm unable to join
> workstations to a Active Directory domain through the VPN, it fails with an
> RPC error on the workstation and the logs show blocked Service 135 by
> SmarDefence.  I made the recommended changes found in #sk25562 "Allowing
> DCOM DCE-RPC services on port 135 " but still blocks it.
>
> Anyone have any ideas?
>   
Hi,

you can put the smartdefense option that blocks this traffic in "monitor 
only".
> John
>   

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device, pkc_mls
Next by Date:  [FW-1] Nokia VRRP Simplified Method : Problem, Joel Guillerm
Previous by Thread:  Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device, pkc_mls
Next by Thread:  Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device, John Lindblom
Indexes:  [Date] [Thread] [Top] [All Lists]