Description
This article describes why the DCE/RPC session helper on TCP 135 does not create pinhole sessions after the binding messages.
Scope
FortiGate.
Solution
The DCE/RPC session helper on TCP 135 does not create pinhole sessions after the bind messages.
Based on the PCAP below:
The authentication level (Packet privacy) in the DCERPC bind packet is set to 6 (RPC_C_AUTHN_LEVEL_PKT_PRIVACY); see https://docs.microsoft.com/en-us/windows/win32/com/com-authentication-level-constants.
At this level the RPC payload is encrypted, so no host between the client and the server can read the DCERPC packet's data. The FortiGate DCE/RPC helper therefore can never learn the dynamic port negotiated after the bind and cannot open a pinhole for it. It is suggested to either allow TCP/49152-65535 in the FortiGate policy or change the packet privacy (authentication level) on the client side to a value below 6 in the DCE/RPC packet; note that the second option removes the encryption of the RPC payload.
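The check the session helper has to make, as an added example (this is not Fortinet code): parse the auth verifier trailer of a connection-oriented DCE/RPC PDU and report whether its auth_level is below PKT_PRIVACY, i.e. whether a middlebox could still read the endpoint mapper payload. The bind PDUs are constructed in the script, not taken from the PCAP, and carry a dummy credential blob rather than a real NTLMSSP token.

```python
import struct

# Connection-oriented DCE/RPC PDU types and authentication levels (MS-RPCE)
PTYPE_BIND = 11
AUTH_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT",
               5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6


def parse_auth_level(pdu: bytes):
    """Return (ptype, auth_type, auth_level) from a CO DCE/RPC PDU.
    auth_type/auth_level are None when the PDU carries no auth verifier."""
    if len(pdu) < 16 or pdu[0] != 5:
        raise ValueError("not a DCE/RPC v5 PDU")
    ptype = pdu[2]
    little_endian = (pdu[4] & 0xF0) == 0x10          # packed_drep byte
    fmt = "<HH" if little_endian else ">HH"
    frag_length, auth_length = struct.unpack(fmt, pdu[8:12])
    if frag_length != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    if auth_length == 0:
        return ptype, None, None
    # auth verifier sits at the end: 8-byte header, then auth_length bytes
    trailer = frag_length - auth_length - 8
    if trailer < 16:
        raise ValueError("auth trailer overlaps the PDU header")
    return ptype, pdu[trailer], pdu[trailer + 1]


def helper_can_inspect(pdu: bytes) -> bool:
    """True if a device between client and server can read the stub data,
    which a DCE/RPC session helper needs to learn the dynamic port."""
    _, _, level = parse_auth_level(pdu)
    return level is None or level < RPC_C_AUTHN_LEVEL_PKT_PRIVACY


def describe(pdu: bytes) -> str:
    ptype, auth_type, level = parse_auth_level(pdu)
    name = AUTH_LEVELS.get(level, "unknown") if level is not None else "none"
    return f"ptype={ptype} auth_type={auth_type} auth_level={level} ({name})"


def build_bind(auth_level: int, auth_type: int = 10) -> bytes:
    """Constructed minimal bind PDU with an auth verifier (type 10 = NTLMSSP).
    The credential bytes are a placeholder, not a real NTLMSSP token."""
    creds = b"NTLM"
    verifier = struct.pack("<BBBBI", auth_type, auth_level, 0, 0, 0) + creds
    body = struct.pack("<HHIB3x", 5840, 5840, 0, 0)   # frag sizes, assoc group, 0 ctx
    total = 16 + len(body) + len(verifier)
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", total, len(creds), 1)
    return header + body + verifier
```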
Copyright 2024 Fortinet, Inc. All Rights Reserved.