You want to view the dynamic TCP/UDP port associated with a Microsoft RPC firewall session.
Figure 11-3 shows a topology in which a host running the Microsoft Outlook client sits in the
Desktops zone and needs to connect to a Microsoft Exchange Server located on the internal
Figure 11-3. Viewing MS-RPC ALG sessions
The following policy, using the MS-Exchange MS-RPC ALG, permits this connection:
set policy id 19 from Desktops to Trust Outlook_Client Exchange_Server MS-EXCHANGE permit log
You can view the TCP/UDP ports associated with the MS-RPC MS-Exchange session using either of the following methods:
Inside_FW-> get session service MS-EXCHANGE
Inside_FW-> get session src-ip 172.16.30.100 dst-ip 10.1.30.10
As discussed in Recipe 7.15, Windows applications/services running on separate machines use MS-RPC to communicate with each other. The client application connects to the server on the MS-RPC Endpoint Mapper port (typically TCP/135) and specifies a UUID and version number. The server returns a response with the TCP/UDP port on which that UUID has registered itself. The client can then open a direct TCP/UDP connection to that port. The ScreenOS MS-RPC ALG tracks this entire communication stream, thus enabling the opening of the communication channel on the returned ...
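As an added illustration (Python written for this page, not ScreenOS code and not from the cookbook), the following is a simplified model of the tracking an MS-RPC ALG performs: it records the Endpoint Mapper request on TCP/135, opens a pinhole only for the port the server returns, and only for the client/server pair that made the request. The client and server addresses are the recipe's; the UUID string and the dynamic port 6001 are constructed for the example.

```python
# Simplified MS-RPC ALG model (added example, not the ScreenOS implementation).
# Constructed values: the UUID and the dynamic port; the IPs are from the recipe.
from dataclasses import dataclass, field

EPM_PORT = 135  # MS-RPC Endpoint Mapper listens on TCP/135


@dataclass
class RpcAlg:
    """Tracks Endpoint Mapper exchanges and opens pinholes for returned ports."""
    pending: dict = field(default_factory=dict)   # (client, server) -> (uuid, version)
    pinholes: set = field(default_factory=set)    # (client, server, proto, port)

    def on_epm_request(self, src, dst, dport, uuid, version):
        # Only traffic that actually reaches the Endpoint Mapper port is tracked.
        if dport != EPM_PORT:
            return False
        self.pending[(src, dst)] = (uuid, version)
        return True

    def on_epm_response(self, src, dst, proto, port):
        # Response flows server -> client. A pinhole is opened only if a matching
        # request was seen from this client, and only if the UUID is registered
        # (port is None models "no endpoint registered": nothing is opened).
        key = (dst, src)
        if key not in self.pending:
            return False
        self.pending.pop(key)
        if port is None:
            return False
        self.pinholes.add((dst, src, proto, port))
        return True

    def permits(self, src, dst, proto, port):
        """Would the follow-on connection to the dynamic port be allowed?"""
        return (src, dst, proto, port) in self.pinholes


def demo():
    """Runs the exchange from the recipe's topology; returns (allowed, other_host_allowed)."""
    alg = RpcAlg()
    client, server = "172.16.30.100", "10.1.30.10"
    alg.on_epm_request(client, server, EPM_PORT, "CONSTRUCTED-UUID-0001", "1.0")
    alg.on_epm_response(server, client, "tcp", 6001)   # constructed dynamic port
    return (alg.permits(client, server, "tcp", 6001),
            alg.permits("172.16.30.200", server, "tcp", 6001))


if __name__ == "__main__":
    print(demo())  # (True, False): only the requesting client gets the pinhole
```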