I tried this but SmartDefense still blocks it. I think it's because it
happens before any rules.
I was able to change SmartDefense to Monitor_Only for MS-RPC as someone
else suggested to get the PC to join the AD Domain and then I can change it
back.
John
Matthew Odendaal <[EMAIL PROTECTED]A>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
05/16/2007 10:02 AM
Please respond to: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
To: [EMAIL PROTECTED]INT.COM
cc:
Subject: Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device
This question was asked in this mailing list a while back. The quickest
workaround to this (although it does sacrifice the security of SmartDefense
for DCOM connections) is to create an ordinary TCP service for port 135 and
to use that in your rule instead of the DCE-RPC service that comes standard
with FW-1.
That should bypass the security checks for RPC on port 135.
Hope it helps.
Matt
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls
Sent: 16 May 2007 04:58 PM
To: [email protected]
Subject: Re: [FW-1] Site-to-Site VPN between a NGX R65 and Edge device
John Lindblom wrote:
> I'm putting together a Site-to-Site VPN between a NGX R65 gateway and an
> Edge device. Everything is working good but I'm unable to join
> workstations to an Active Directory domain through the VPN, it fails with an
> RPC error on the workstation and the logs show blocked Service 135 by
> SmartDefense. I made the recommended changes found in #sk25562 "Allowing
> DCOM DCE-RPC services on port 135" but still blocks it.
>
> Anyone have any ideas?
>
Hi,
You can put the SmartDefense option that blocks this traffic in "monitor
only".
> John
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================