
ScreenOS Cookbook by Sunil Wadhwa, Joe Kelly, Ken Draper, David Delcourt, Vik Davar, Stefan Brunner


11.9. View the Dynamic Port(s) Associated with a Microsoft RPC Session

Problem

You want to view the dynamic TCP/UDP port associated with a Microsoft RPC firewall session.

Solution

Figure 11-3 shows a topology in which a host running the Microsoft Outlook client sits in the Desktops zone and needs to connect to a Microsoft Exchange Server located in the internal Trust zone.


Figure 11-3. Viewing MS-RPC ALG sessions

The following policy, using the MS-Exchange MS-RPC ALG, permits this connection:

	Inside_FW-> set policy id 19 from Desktops to Trust Outlook_Client Exchange_Server MS-EXCHANGE permit log

You can view the TCP/UDP ports associated with the MS-Exchange MS-RPC session using either of the following methods: filter the session table by the service the policy references, or filter it by the client and server addresses shown in Figure 11-3:

	Inside_FW-> get session service MS-EXCHANGE
	Inside_FW-> get session src-ip 172.16.30.100 dst-ip 10.1.30.10

Discussion

As discussed in Recipe 7.15, Windows applications and services running on separate machines use MS-RPC to communicate with each other. The client application first connects to the server on the MS-RPC Endpoint Mapper port (typically TCP/135) and asks for a specific interface, identified by a UUID and version number. The server responds with the TCP/UDP port on which that interface has registered itself, and the client then opens a direct TCP/UDP connection to that port. Because that port is chosen dynamically, a static policy cannot name it in advance; the ScreenOS MS-RPC ALG tracks the Endpoint Mapper exchange and, from the server's response, derives the child session that permits the follow-on connection, thus enabling the opening of the communication channel on the returned ...
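The following is an added example, not code from the ScreenOS Cookbook or from ScreenOS itself. It is a small Python model of the exchange the Discussion describes: the Outlook client (172.16.30.100) asks the Exchange server's Endpoint Mapper (10.1.30.10, TCP/135) for an interface by UUID and version, the server answers with a dynamic port, and the ALG opens a child session for that port only, scoped to the same client/server pair. The UUIDs and the port numbers 6001/6002 are constructed sample values, and treating the policy's MS-RPC service as a set of permitted UUIDs is a modelling assumption, not documented ScreenOS behaviour.

```python
"""Toy model of the MS-RPC Endpoint Mapper exchange an ALG tracks.

Added example, not ScreenOS code.  The client asks the server's Endpoint
Mapper (TCP/135) for a UUID/version, the server answers with the dynamic
port, and the ALG opens a child session (pinhole) for that port only,
scoped to the same client/server pair.  UUIDs and ports 6001/6002 are
constructed; "policy service == set of permitted UUIDs" is an assumption.
"""
from dataclasses import dataclass, field

EPM_PORT = 135  # Endpoint Mapper port named in the Discussion


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class MsRpcAlg:
    # Server-side registrations: uuid -> (version, proto, port).  Constructed data.
    server_interfaces: dict
    # UUIDs the policy's service (e.g. MS-EXCHANGE) permits.  Assumed model.
    permitted_uuids: frozenset
    parent_sessions: set = field(default_factory=set)  # client -> server:135
    pinholes: set = field(default_factory=set)         # ALG-derived child sessions

    def evaluate(self, flow):
        """Decision for a new packet: existing session, policy match, or deny."""
        if flow in self.parent_sessions or flow in self.pinholes:
            return "permit"
        if flow.proto == "tcp" and flow.dst_port == EPM_PORT:
            self.parent_sessions.add(flow)  # policy match creates the parent session
            return "permit"
        return "deny"  # a dynamic port is never open before an EPM response

    def endpoint_map(self, flow, uuid, version):
        """Client EPM lookup carried over an established parent session.

        Returns the dynamic port the server answered with, or None when the
        ALG opens nothing (unknown interface, version mismatch, or a UUID
        outside the policy's service)."""
        if flow not in self.parent_sessions:
            raise PermissionError("EPM lookup without a permitted parent session")
        uuid = uuid.lower()
        if uuid not in self.permitted_uuids:
            return None
        entry = self.server_interfaces.get(uuid)
        if entry is None or entry[0] != version:
            return None
        _, proto, port = entry
        # Pinhole is bound to this client and server, not just the port
        self.pinholes.add(Flow(flow.src_ip, flow.dst_ip, port, proto))
        return port

    def dynamic_ports(self, src_ip, dst_ip):
        """What a `get session src-ip ... dst-ip ...` view would reveal."""
        return sorted((f.proto, f.dst_port) for f in self.pinholes
                      if f.src_ip == src_ip and f.dst_ip == dst_ip)


# Constructed UUIDs: not real Exchange interface identifiers.
EXCHANGE_UUID = "11111111-2222-3333-4444-555555555555"
OTHER_UUID = "99999999-8888-7777-6666-555555555555"


def outlook_scenario():
    """Replays the Figure 11-3 flow with the addresses used in the recipe."""
    alg = MsRpcAlg(
        server_interfaces={EXCHANGE_UUID: (0, "tcp", 6001),
                           OTHER_UUID: (1, "tcp", 6002)},
        permitted_uuids=frozenset({EXCHANGE_UUID}),
    )
    client, server = "172.16.30.100", "10.1.30.10"
    epm_flow = Flow(client, server, EPM_PORT)
    out = {}
    out["before_epm"] = alg.evaluate(Flow(client, server, 6001))            # deny
    out["epm"] = alg.evaluate(epm_flow)                                     # permit
    out["port"] = alg.endpoint_map(epm_flow, EXCHANGE_UUID.upper(), 0)      # 6001
    out["direct"] = alg.evaluate(Flow(client, server, out["port"]))         # permit
    out["other_client"] = alg.evaluate(Flow("172.16.30.200", server, 6001))  # deny
    out["wrong_version"] = alg.endpoint_map(epm_flow, EXCHANGE_UUID, 7)     # None
    out["outside_service"] = alg.endpoint_map(epm_flow, OTHER_UUID, 1)      # None
    out["ports"] = alg.dynamic_ports(client, server)                        # [("tcp", 6001)]
    return out


if __name__ == "__main__":
    for key, value in outlook_scenario().items():
        print(f"{key}: {value}")
```

The point the model makes explicit is why the recipe's two `get session` commands are the right way to find the port: the dynamic port exists only as a child of the Endpoint Mapper session, it is opened only for the client/server pair that performed the lookup, and a second host in the Desktops zone sending to the same port is still denied until it performs its own lookup.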
