This question was asked in this mailing list a while back. The quickest workaround to this (although it does sacrifice the security of SmartDefense for DCOM connections) is to create an ordinary TCP service for port 135 and to use that in your rule instead of the DCE-RPC service that comes standard with FW-1.

That should bypass the security checks for RPC on port 135.

Hope it helps.

Matt

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls
Sent: 16 May 2007 04:58 PM
To: [email protected]
Subject: Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device

John Lindblom wrote:
> I'm putting together a Site-to-Site VPN between a NGX R65 gateway and an
> Edge device. Everything is working good but I'm unable to join
> workstations to an Active Directory domain through the VPN, it fails with an
> RPC error on the workstation and the logs show blocked Service 135 by
> SmartDefense. I made the recommended changes found in #sk25562 "Allowing
> DCOM DCE-RPC services on port 135" but still blocks it.
>
> Anyone have any ideas?
>

Hi,
you can put the smartdefense option that blocks this traffic in "monitor only".

> John
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
