Is there any way in Sophos UTM Network Protection Firewall to identify, and either permit or reject MS-RPC traffic?
I'm not talking about RPC over HTTP, but regular RPC traffic (destination port: 1024:65535/tcp).
I want to let clients coming from VPN to talk to domain controllers, but I do not want to open a big hole of 64511 ports for them. Setting a static RPC port range on the server side is not an option.
With Juniper SRX firewall I can very easily use UUIDs (Universally Unique IDentifiers) to identify RPC traffic. For example:
Code:
# show groups junos-defaults applications application junos-ms-rpc-uuid-any-tcp
term t1 protocol tcp uuid ffffffff-ffff-ffff-ffff-ffffffffffff;
{primary:node0}[edit]
Then I can use "junos-ms-rpc-uuid-any-tcp" as a destination port instead of opening a range of ports (1024:65535/tcp), and the SRX firewall knows it is related MS-RPC traffic based on the UUID obtained by protocol inspection.
Can Sophos UTM work with RPC UUIDs?
See the following links for more information about UUID:
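As an added illustration (not from the original post, and not Sophos or Juniper code), the UUID such a firewall matches is the abstract-syntax interface identifier carried in the DCE/RPC bind PDU. This Python sketch builds a constructed bind to the Endpoint Mapper interface, extracts the UUID the way a protocol-inspecting firewall would, and applies an allow-list; treating the all-f UUID as a wildcard for "any interface" is an assumption made here to mirror the junos-ms-rpc-uuid-any-tcp term.

```python
import struct
import uuid

# MS-RPCE connection-oriented header fields used below.
RPC_VERS = 5
PTYPE_BIND = 11
PFC_FIRST_LAST = 0x03
DREP_LITTLE_ENDIAN = 0x10

# Well-known UUIDs: Endpoint Mapper interface and the NDR transfer syntax.
EPM_UUID = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
ANY_UUID = uuid.UUID("ffffffff-ffff-ffff-ffff-ffffffffffff")  # assumed wildcard


def build_bind(interface: uuid.UUID, version=(3, 0), call_id=1) -> bytes:
    """Constructed sample: minimal bind PDU with one presentation context."""
    ctx = struct.pack("<HBB", 0, 1, 0)                      # p_cont_id, n_transfer_syn, pad
    ctx += interface.bytes_le + struct.pack("<HH", *version)  # abstract syntax (iface UUID)
    ctx += NDR_SYNTAX.bytes_le + struct.pack("<HH", 2, 0)     # transfer syntax NDR v2.0
    body = struct.pack("<HHI", 4280, 4280, 0)                 # max_xmit, max_recv, assoc_group
    body += struct.pack("<BBH", 1, 0, 0) + ctx                # n_context_elem + reserved
    frag_len = 16 + len(body)
    hdr = struct.pack("<BBBBBBBBHHI", RPC_VERS, 0, PTYPE_BIND, PFC_FIRST_LAST,
                      DREP_LITTLE_ENDIAN, 0, 0, 0, frag_len, 0, call_id)
    return hdr + body


def bind_interface_uuids(pdu: bytes):
    """Return the interface UUIDs requested by a bind PDU; [] if not a usable bind."""
    if len(pdu) < 28 or pdu[0] != RPC_VERS or pdu[2] != PTYPE_BIND:
        return []
    if pdu[4] & 0xF0 != DREP_LITTLE_ENDIAN:
        return []  # big-endian data representation not handled in this sketch
    frag_len = struct.unpack_from("<H", pdu, 8)[0]
    if frag_len > len(pdu):
        return []  # truncated fragment: do not guess, treat as unidentified
    n_ctx, off, found = pdu[24], 28, []
    for _ in range(n_ctx):
        if off + 24 > frag_len:
            break
        n_syn = pdu[off + 2]
        found.append(uuid.UUID(bytes_le=pdu[off + 4:off + 20]))
        off += 24 + 20 * n_syn  # skip abstract syntax + all transfer syntaxes
    return found


def permitted(pdu: bytes, allowed: set) -> bool:
    """Firewall-style decision: permit only if every requested interface is allowed."""
    ifaces = bind_interface_uuids(pdu)
    if not ifaces:
        return False  # unparseable or non-bind data on a high port is not identified RPC
    return ANY_UUID in allowed or all(i in allowed for i in ifaces)
```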