Hello, Rule number 995 means that you had a bind/alter-context request with more than one UUID in it. We don't allow it by default as it been used on some attacks but there is an inspect flag that allows it (and keep the security).
In $FWDIR/lib/dcerpc.def there is a flag #define NO_ENFORCE_CNTX_NUM 0 That should be changed to #define NO_ENFORCE_CNTX_NUM 1 Regards. On 4/20/05, Covington, Chris <[EMAIL PROTECTED]> wrote: > > Hi all, > > I've been killing myself researching an Active Directory replication > problem and it turns out that FW-1 is the culprit: > > Number: 7770 > Date: 20Apr2005 > Time: 13:43:18 > Product: VPN-1 & FireWall-1 > Interface: eth1 > Origin: fw1 (x.x.x.x) > Type: Alert > Action: Reject > Protocol: tcp > Service: 135 > Source: zor (10.20.6.3 <http://10.20.6.3>) > Destination: saturn.plusone.com <http://saturn.plusone.com> > (10.0.2.5<http://10.0.2.5> > ) > Rule: 995 > Source Port: 2853 > > Does anyone know how to allow this traffic to pass? What is rule 995 > anyway? > > thanks > --- > Chris Covington > IT > Plus One Health Management > 75 Maiden Lane Suite 801 > NY, NY 10038 > 646-312-6269 > http://www.plusoneactive.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
