Created on 03-30-2022 03:24 AM Edited on 07-27-2023 12:52 AM By Jean-Philippe_P
Description
This article describes how the FortiGate DCERPC session helper handles the DCERPC data connection when the control connection uses 'Packet privacy' authentication.
Scope
All FortiOS versions.
Solution
In a DCERPC exchange that crosses the FortiGate, the DCERPC session helper inspects the control connection (TCP/135, the endpoint mapper) to learn which dynamic port the server allocates for the data connection. If the 'RemoteCreateInstance' request and response use 'Auth level: Packet privacy' (RPC_C_AUTHN_LEVEL_PKT_PRIVACY, value 6), the stub data that carries this port information is encrypted between client and server, and the session helper is not able to read it.
This is expected behavior: the helper has no key material for the RPC security context and does not decrypt the payload.
Because it cannot read the allocated port, the DCERPC session helper cannot create an expectation session for the data connection on the high ports. A firewall policy therefore needs to be added on the FortiGate that explicitly allows TCP/49152-65535 (the default dynamic RPC port range on Windows Vista/Server 2008 and later) so that the data connection is permitted.
For added security, attach an application control profile to that policy so that only RPC applications are permitted on the port range, and scope the policy to the source and destination addresses of the DCOM hosts. Without these restrictions the policy is a broad allow of the whole dynamic port range.
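The following FortiOS CLI configuration is an added example, not part of the original article, showing the objects needed for this workaround: a service object for the dynamic range, an application control profile that passes only RPC, and a policy that ties them together. The interface names "port1"/"port2", the address objects "DCOM-CLIENTS"/"DCOM-SERVERS", and the application ID placeholder are assumptions and must be replaced with values from the deployment.

```fortios
# Added example (not from the article). Placeholders: port1/port2, DCOM-CLIENTS/DCOM-SERVERS,
# and <DCERPC-APP-ID> are assumptions for illustration.

# 1. Service object for the dynamic RPC range (Windows Vista/Server 2008 and later default).
config firewall service custom
    edit "DCERPC-HIGH-PORTS"
        set tcp-portrange 49152-65535
    next
end

# 2. Application control profile: pass only the RPC signature, block everything else.
config application list
    edit "RPC-ONLY"
        set other-application-action block
        set unknown-application-action block
        config entries
            edit 1
                # Replace <DCERPC-APP-ID> with the FortiGuard application ID for DCE-RPC
                # (Security Profiles > Application Signatures in the GUI).
                set application <DCERPC-APP-ID>
                set action pass
            next
        end
    next
end

# 3. Policy for the data connection, scoped to the DCOM hosts, with the profile attached.
#    Place it alongside the existing policy that allows TCP/135 (handled by the DCERPC helper).
config firewall policy
    edit 0
        set name "DCERPC-data-connection"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "DCOM-CLIENTS"
        set dstaddr "DCOM-SERVERS"
        set action accept
        set schedule "always"
        set service "DCERPC-HIGH-PORTS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set application-list "RPC-ONLY"
        set logtraffic all
    next
end

# 4. Check: with Packet privacy in use, the TCP/135 session shows the helper but no
#    expectation session for the high port; the data connection should now match the
#    new policy rather than being dropped.
diagnose sys session filter clear
diagnose sys session filter dport 135
diagnose sys session list
```

Verify with the session list that the high-port data connection is matched by the new policy (its policy ID appears in the session entry) and that the application control log shows only the RPC signature passing; any other application hitting the range is blocked by the profile's default actions.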
Authentication level constants (including RPC_C_AUTHN_LEVEL_PKT_PRIVACY, value 6, which corresponds to 'Packet privacy') are described in the link below:
Copyright 2024 Fortinet, Inc. All Rights Reserved.