[j-nsp] JUNOS and MS RPC
OBrien, Will
ObrienH at missouri.edu
Sat Apr 2 18:58:24 EDT 2011
Agreed. ALGs seem to always cause headaches. Turn them off and pretend they don't exist and you'll be better off. (Think of them like that crazy guy/girl you wanted to date in High School... Same thing really.)
On Apr 2, 2011, at 4:38 PM, Scott T. Cameron wrote:
> I've got two sets of SRX3400 clusters, and the ALGs should come with:
> caveat emptor.
>
> Nice on paper and very similar to Linux conntrack modules, but in reality
> the rule of thumb is it's better to have them disabled.
>
> In the case of Microsoft, their technical papers will say your firewall
> should allow 1024-65535 open. In my datacenters, the only place where I
> find this to be necessary is to domain controllers. Most other MS software
> can happily run off a specific TCP port.
>
> YMMV.
>
> Scott
>
> On Sat, Apr 2, 2011 at 4:33 PM, Glenn Krutsinger <GKrutsinger at compassion.com> wrote:
>
>> Hello all,
>>
>> Is anyone running MS products through SRX firewalls? How are you getting
>> RPC to work? According to engineering, the ScreenOS "ms-rpc-any" isn't
>> included in JUNOS, although I do see the ALG catching the info based off of
>> endpoint mapper sessions. Add to that the fact that MS changed their port
>> range for RPC with Server 2008 has given me some real fun conversations with
>> our server team.
>>
>> Thanks,
>> Glenn
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>