[j-nsp] JUNOS and MS RPC

Scott T. Cameron routehero at gmail.com
Sat Apr 2 17:38:22 EDT 2011


I've got two sets of SRX3400 clusters, and the ALGs should come with:
caveat emptor.

Nice on paper and very similar to Linux conntrack modules, but in reality
the rule of thumb is it's better to have them disabled.

In the case of Microsoft, their technical papers will say your firewall
should allow 1024-65535 open.  In my datacenters, the only place where I
find this to be necessary is to domain controllers.  Most other MS software
can happily run off a specific TCP port.

YMMV.

Scott

On Sat, Apr 2, 2011 at 4:33 PM, Glenn Krutsinger <GKrutsinger at compassion.com> wrote:

> Hello all,
>
> Is anyone running MS products through SRX firewalls? How are you getting
> RPC to work? According to engineering, the ScreenOS "ms-rpc-any" isn't
> included in JUNOS, although I do see the ALG catching the info based off of
> endpoint mapper sessions. Add to that, the fact that MS changed their port
> range for RPC with Server 2008 has given me some real fun conversations with
> our server team.
>
> Thanks,
> Glenn
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

