athirat
Staff
Article Id 207937
Description

This article describes how the FortiGate DCERPC session helper handles the DCERPC data connection when the control connection uses 'Packet privacy' authentication.

Scope

All FortiOS versions.
Solution

In a DCERPC stream crossing FortiGate, if the 'RemoteCreateInstance' request and response use 'Auth level: Packet privacy', the DCERPC session helper is not able to read the encrypted payload in which the data ports are announced.

 

This is expected behavior.

 


 

Hence, in this case, the DCERPC session helper cannot create an expectation session for the data connection (high ports).

Because of this, a firewall policy allowing TCP/49152-65535 must be added on FortiGate so that the data connection (DCERPC high ports) is permitted.

 

For added security, an application control profile permitting only RPC applications can also be attached to that policy.
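The following CLI configuration is an added example and is not part of the original article: it creates a service object for the DCERPC high-port range, an application control profile that passes only RPC applications, and a firewall policy that ties the two together, as the steps above describe. The interface names (port1/port2), the address objects "DCOM-Clients" and "DCOM-Servers", the profile name "rpc-only" and the application ID placeholder are assumptions; the RPC application IDs must be taken from the FortiGuard application signatures on the unit.

```fortios
# Added example, not from the article. Placeholders: port1/port2, the
# address objects "DCOM-Clients"/"DCOM-Servers", the list name "rpc-only"
# and the application IDs are assumptions to be replaced per deployment.

# 1. Service object covering the DCERPC dynamic (data) port range
config firewall service custom
    edit "DCERPC-High-Ports"
        set tcp-portrange 49152-65535
    next
end

# 2. Application control profile: pass the RPC applications, block the rest
config application list
    edit "rpc-only"
        set comment "DCERPC data connections only"
        set other-application-action block
        set unknown-application-action block
        config entries
            edit 1
                set application <RPC application IDs from FortiGuard>
                set action pass
            next
        end
    next
end

# 3. Policy for the data connection the session helper cannot open an
#    expectation for when the control connection uses Packet privacy
config firewall policy
    edit 0
        set name "DCERPC-Data-PktPrivacy"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "DCOM-Clients"
        set dstaddr "DCOM-Servers"
        set action accept
        set schedule "always"
        set service "DCERPC-High-Ports"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set application-list "rpc-only"
        set logtraffic all
    next
end

# Check: the dcerpc helper remains bound to TCP/135 for the control
# connection; only the encrypted data connection needs the policy above
show system session-helper
```

Keeping the policy scoped to the DCOM client and server address objects, and logging all traffic on it, limits the exposure of the wide port range and makes the data connections visible in the traffic log for later review.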

 

Authentication level constants are described in the link below:
Authentication Level Constants.