adhawan, Staff
Article Id 244151
Description

This article describes why the DCE/RPC session helper on TCP 135 does not create pinhole sessions after the bind messages.

Scope

FortiGate.
Solution

Symptom: the DCE/RPC session helper on TCP 135 does not create pinhole sessions after the bind messages.

Based on the PCAP below:

[Figure: packet capture screenshot (adhawan_0-1675037789521.png) showing the DCERPC authentication level]

The authentication level in the DCERPC packet is set to 6 (RPC_C_AUTHN_LEVEL_PKT_PRIVACY), that is, packet privacy.
Related document:

https://docs.microsoft.com/en-us/windows/win32/com/com-authentication-level-constants

This means the port information exchanged during the negotiation is encrypted.

The FortiGate DCE/RPC helper therefore cannot learn this port and open a pinhole for it: at this authentication level, no host between the client and the server can read the DCERPC packet's payload.

It is therefore suggested either to allow the ports TCP/49152-65535 in the FortiGate firewall policy, or to change the authentication level on the client side to a value below 6 (packet privacy) in the DCE/RPC packets.
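To make the reasoning above concrete, the following Python script is an added example (not Fortinet code and not part of this article) that parses the common header and the security trailer of a connection-oriented DCE/RPC PDU, as laid out in the C706 / MS-RPCE specifications, and reports the authentication level the way a session helper would have to before it can read the stub data. When the level is 6 (RPC_C_AUTHN_LEVEL_PKT_PRIVACY) the stub, which in an endpoint-mapper reply carries the dynamic port, is encrypted and no pinhole can be derived; at level 5 and below the stub is readable. The PDUs it inspects are constructed inline for the demonstration (the bodies are filler bytes, not real endpoint-mapper towers), and the function names are this example's own. One caveat the example makes visible: lowering the client's authentication level below 6 removes the on-the-wire encryption of the RPC payload, which is why allowing the dynamic port range in the policy is the option that keeps the traffic sealed.

```python
import struct

# DCE/RPC connection-oriented PDU types (C706 / MS-RPCE)
PTYPE_REQUEST, PTYPE_RESPONSE, PTYPE_BIND, PTYPE_BIND_ACK = 0, 2, 11, 12

# RPC_C_AUTHN_LEVEL_* constants (values from the Microsoft page linked above)
AUTHN_LEVELS = {
    1: "RPC_C_AUTHN_LEVEL_NONE",
    2: "RPC_C_AUTHN_LEVEL_CONNECT",
    3: "RPC_C_AUTHN_LEVEL_CALL",
    4: "RPC_C_AUTHN_LEVEL_PKT",
    5: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY",
    6: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY",
}
PKT_PRIVACY = 6

HEADER_LEN = 16       # common PDU header
SEC_TRAILER_LEN = 8   # auth_type, auth_level, auth_pad_length, auth_reserved, auth_context_id


def parse_pdu(pdu: bytes) -> dict:
    """Parse the common header and the sec_trailer (if any) of one DCE/RPC PDU."""
    if len(pdu) < HEADER_LEN:
        raise ValueError("truncated PDU header")
    rpc_vers, rpc_vers_minor, ptype, pfc_flags, drep0 = struct.unpack_from("<5B", pdu, 0)
    if rpc_vers != 5:
        raise ValueError(f"unsupported rpc_vers {rpc_vers}")
    # packed_drep[0] bit 0x10 set means integers in this PDU are little-endian
    endian = "<" if drep0 & 0x10 else ">"
    frag_length, auth_length, call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    if frag_length > len(pdu):
        raise ValueError("frag_length exceeds captured bytes")
    # "stub" here is everything between the common header and the auth trailer
    # (PDU-specific header plus stub data); for an ept_map reply it holds the port tower
    info = {"ptype": ptype, "call_id": call_id, "frag_length": frag_length,
            "auth_level": None, "auth_level_name": "no auth trailer",
            "stub": pdu[HEADER_LEN:frag_length]}
    if auth_length:
        # auth_value is the last auth_length bytes; the 8-byte sec_trailer precedes it
        trailer_off = frag_length - auth_length - SEC_TRAILER_LEN
        if trailer_off < HEADER_LEN:
            raise ValueError("auth trailer overlaps the PDU header")
        auth_type, auth_level, auth_pad_len = struct.unpack_from("<3B", pdu, trailer_off)
        stub_end = trailer_off - auth_pad_len
        if stub_end < HEADER_LEN:
            raise ValueError("auth_pad_length overlaps the PDU header")
        info.update(auth_type=auth_type, auth_level=auth_level,
                    auth_level_name=AUTHN_LEVELS.get(auth_level, f"unknown({auth_level})"),
                    stub=pdu[HEADER_LEN:stub_end])
    return info


def helper_can_read_stub(pdu: bytes) -> bool:
    """True when a middlebox such as the session helper can read the stub data and so
    find the dynamic port; False at PKT_PRIVACY, where the stub is encrypted end to end."""
    return parse_pdu(pdu)["auth_level"] != PKT_PRIVACY


def build_pdu(ptype: int, body: bytes, auth_level=None, auth_value=b"") -> bytes:
    """Constructed sample PDU for the demonstration (not taken from the article's capture)."""
    trailer, auth_length = b"", 0
    if auth_level is not None:
        auth_length = len(auth_value)
        # auth_type 0x0A (NTLMSSP), no padding, reserved 0, auth_context_id 0
        trailer = struct.pack("<BBBBI", 0x0A, auth_level, 0, 0, 0) + auth_value
    frag_length = HEADER_LEN + len(body) + len(trailer)
    # rpc_vers 5, minor 0, ptype, pfc_flags FIRST|LAST, drep little-endian, frag/auth len, call_id 1
    header = struct.pack("<BBBBBBBBHHI", 5, 0, ptype, 0x03, 0x10, 0, 0, 0,
                         frag_length, auth_length, 1)
    return header + body + trailer


if __name__ == "__main__":
    # Constructed bodies: filler bytes stand in for a real ept_map reply tower
    clear = build_pdu(PTYPE_RESPONSE, b"\x00" * 24)
    signed = build_pdu(PTYPE_RESPONSE, b"\x00" * 24, auth_level=5, auth_value=b"\x11" * 16)
    sealed = build_pdu(PTYPE_RESPONSE, b"\xaa" * 24, auth_level=6, auth_value=b"\x11" * 16)
    for name, pdu in (("clear", clear), ("signed", signed), ("sealed", sealed)):
        info = parse_pdu(pdu)
        print(f"{name}: {info['auth_level_name']} -> helper can read stub: {helper_can_read_stub(pdu)}")
```

Run against a real capture by feeding the TCP payload of each PDU on port 135 to `parse_pdu`; a `RPC_C_AUTHN_LEVEL_PKT_PRIVACY` result on the endpoint-mapper exchange is the same condition the screenshot above shows, and explains a missing pinhole without any further debugging of the helper.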
