Hi,

Have you tried creating a new service for tcp/135 called dcomm (or
something) and re-compiling your policy?

I had this problem a while ago - but can't remember if it was on R54 or R55.

Regards,
Dave

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Didier
PARIS
Sent: 19 October 2005 08:33
To: [email protected]
Subject: Re: [FW-1] How-to accept RPC DCOM?
Importance: High

Hi,

No. Even if we open source, destination, any service, it doesn't work.
There is a SYN-ACK without SYN reject. This behaviour could be related to
the virus using RPC DCOM. So it seems to me that there is somewhere in the
implied rules some special analysis of DCOM communication, which brings
the firewall to reject any DCOM flow. The problem is that in the R54 it is
not clear.
I have seen on the forum that some people using R55 have got the same
problem, but in this version they can disable this rule (998 or something
like that) in the list of implied rules. In the R54, I can't see it. And
furthermore, I have never found the R54 to R55 upgrade software.
So I am stuck on this point.

Didier


> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Joe Matusiewicz
> Sent: Tuesday 18 October 2005 16:47
> To: [email protected]
> Subject: Re: [FW-1] How-to accept RPC DCOM?
>
>
> At 09:25 AM 10/18/2005, Didier PARIS wrote:
> >Hi All,
> >
> >We have a Firewall Checkpoint NG AI R54 on a Windows 2000 server SP4.
> >We would like to accept RPC DCOM communication between 
> >two internal VLANs (I know about the risk to accept such flow). It 
> >seems that this is not authorized in the firewall implicit rules.
> >Is it possible to modify the behaviour of the firewall on this 
> >particular point? And if yes, how to do that?
>
>
> I don't know about implicit rules but wouldn't opening up the ports 
> RPC-DCOM uses take care of this?  I'm talking about TCP 135, 139, 443, 
> and 593.  If this doesn't cover it you can always look for drops in 
> your logs and adjust accordingly.
>
> -- Joe
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to 
> [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list, please see the instructions at 
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options, 
> email [EMAIL PROTECTED] 
> =================================================


