[j-nsp] JUNOS and MS RPC

[Pavel Lunin]

>> Is anyone running MS products through SRX firewalls? How are you getting
>> RPC to work? According to engineering, the ScreenOS "ms-rpc-any" isn't
>> included in JUNOS, although, I do see the ALG catching the info based
>> off of endpoint mapper sessions.
>
> [….]
>
> Supposedly, according to JTAC, there are MS RPC ALG fixes in 10.4R3, 
> but I have not tested it that far yet.
>
> I'd be curious to know if you have found any success.

Skimmed very quickly through the tread and haven't found any mention of 
JUNOS version, on which you are trying to make it work. I didn't really 
much tried to sort out the details of your issue, so excuse me if that's 
not the case.

We've bumped into PR537186 with, I think, 10.3R1 quite half a year ago 
trying to find a version, which works sable for clusters. It had been 
just before 10.2R3 was released (in which this PR was fixed). If you 
trace the MS-RPC traffic using security-flow-traceoptions, and see 
"packet dropped, denied by gate_hit callback", it seems to be the case 
of this PR.

According to its description, it should be fixed in 10.2R3 (which I can 
confirm), 10.3R2, 11.1R1. No mention about 10.4 at all somehow. Have no 
idea why.

--
Regards,
Pavel