[j-nsp] JUNOS and MS RPC

OBrien, Will ObrienH at missouri.edu
Sat Apr 2 18:58:24 EDT 2011


Agreed. ALGs seem to always cause headaches. Turn them off and pretend they don't exist and you'll be better off.  (Think of them like that crazy guy/girl you wanted to date in High School... Same thing really.)

On Apr 2, 2011, at 4:38 PM, Scott T. Cameron wrote:

> I've got two sets of SRX3400 clusters, and the ALGs should come with:
> caveat emptor.
> 
> Nice on paper and very similar to Linux conntrack modules, but in reality
> the rule of thumb is it's better to have them disabled.
> 
> In the case of Microsoft, their technical papers will say your firewall
> should allow 1024-65535 open.  In my datacenters, the only place where I
> find this to be necessary is to domain controllers.  Most other MS software
> can happily run off a specific TCP port.
> 
> YMMV.
> 
> Scott
> 
> On Sat, Apr 2, 2011 at 4:33 PM, Glenn Krutsinger <GKrutsinger at compassion.com> wrote:
> 
>> Hello all,
>> 
>> Is anyone running MS products through SRX firewalls? How are you getting
>> RPC to work? According to engineering, the ScreenOS "ms-rpc-any" isn't
>> included in JUNOS, although, I do see the ALG catching the info based off of
>> endpoint mapper sessions. Add to that the fact that MS changed their port
>> range for RPC with Server 2008, which has given me some real fun conversations
>> with our server team.
>> 
>> Thanks,
>> Glenn
>> 
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 