Fred,
One of the issues I discovered some years ago now with Microsoft servers
needing to communicate with each other through a firewall was the dynamic
assigning of ports for RPC/DCOM use. The fix was to set a port range in
the registry on all of the machines that needed to communicate with each
other and then create the appropriate service objects and rules to allow
this connectivity.
The example below sets the DCOM range to 10000/tcp-10100/tcp but you can of
course set a totally different range.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
; "Ports" is REG_MULTI_SZ; the bytes are the ANSI text 10000-10100 plus two NULs
"Ports"=hex(7):31,30,30,30,30,2d,31,30,31,30,30,00,00
"PortsInternetAvailable"="Y"
"UseInternetPorts"="Y"

This setting change requires a machine reboot.
I hope this helps you in your endeavours.
Regards,
Ken
Mailing list for discussion of Firewall-1
<[email protected]> wrote on 10/02/2006 08:06:27:
> Exactly, the connection is timing out on the firewall before it times
> out at the endpoints and several sources I have found explain this
> common issue occurs from Microsoft's loose adherence to RFC793. However
> many explanations exist, I have yet to find an acceptable solution!
>
> The option doesn't exist for me to allow out of state TCP from specific
> hosts, only as a global setting. I've been told the problem needs to be
> approached differently but how?
>
> Thanks!
> fred
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark
> Senior
> Sent: Thursday, February 09, 2006 2:43 PM
> To: [email protected]
> Subject: Re: [FW-1] drop out of state tcp?
>
> If they really are violating TCP standards, i.e. sending unsolicited
> ACKs, then they won't be able to communicate anyway, as the other side
> won't have an allocated socket.
>
> A more likely explanation might be that the connection is timing out on
> the firewall before it times out at the endpoints. Then they start
> talking again, but the firewall's forgotten about the conversation.
>
> Regards
> Mark
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Tucker,
> Fredrik M
> Sent: 8 February, 2006 14:50
> To: [email protected]
> Subject: [FW-1] drop out of state tcp?
>
> Checkpoint FW-1 NG R55
>
> Is there a "more restrictive" alternative to un-checking "drop out of
> state TCP" in the Global Properties?
>
> Specifically dealing with a handful of Microsoft boxes on either side
> that seem to violate TCP standards.
>
> Can an exception be made per rule?
>
> More specifics:
>
> Dropped... TCP packet out of state; First packet isn't SYN;
> tcp_flags:ACK
>
> Thanks!
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email [EMAIL PROTECTED]
> =================================================
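
Added example, not part of the original thread: a Python helper that decodes the hex(7) "Ports" data from the reply at the top, regenerates it for a different range, and lists the TCP ranges the firewall service objects have to cover. The function names, the 1024 lower bound and the utf16 switch (for files exported as "Windows Registry Editor Version 5.00", which store hex(7) as UTF-16LE) are assumptions of this example.

```python
import re

# Value quoted in the reply above (REGEDIT4 style: one ANSI byte per character).
POSTED_VALUE = "hex(7):31,30,30,30,30,2d,31,30,31,30,30,00,00"


def decode_hex7(value, utf16=False):
    """Return the strings stored in a .reg hex(7) (REG_MULTI_SZ) value."""
    m = re.fullmatch(r"hex\(7\):([0-9a-f]{2}(?:,[0-9a-f]{2})*)", value.strip(), re.I)
    if not m:
        raise ValueError("not a hex(7) value: %r" % value)
    raw = bytes(int(b, 16) for b in m.group(1).split(","))
    text = raw.decode("utf-16-le" if utf16 else "ascii")
    if not text.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ data must end with two NULs")
    return text[:-2].split("\0")


def check_range(entry, floor=1024):
    """Parse 'low-high' or a single port; floor=1024 is this example's assumption."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", entry)
    if not m:
        raise ValueError("bad port entry: %r" % entry)
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    if not floor <= low <= high <= 65535:
        raise ValueError("port range out of bounds: %r" % entry)
    return low, high


def encode_hex7(entries, utf16=False):
    """Build the hex(7) data for a list of validated port entries."""
    for entry in entries:
        check_range(entry)
    # Each string is NUL-terminated and the list ends with one more NUL.
    text = "".join(e + "\0" for e in entries) + "\0"
    raw = text.encode("utf-16-le" if utf16 else "ascii")
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def firewall_ranges(value, utf16=False):
    """Port ranges the firewall service objects must cover for this value."""
    return [check_range(e) for e in decode_hex7(value, utf16)]


if __name__ == "__main__":
    print(decode_hex7(POSTED_VALUE))
    print(encode_hex7(["10000-10100"]))
    print(firewall_ranges(POSTED_VALUE))
```

Running the decoder against every server's exported key before building the firewall rule confirms that all machines carry the same range as the service object.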