I am trying to get Microsoft DCOM through a FWSM.
We use FWSM inside our network to protect our server subnets. One of the server is using RMC that is based on Microsoft DCOM.
My understanding is the DCOM uses port tcp/135 for the beginning of the conversation. It than switches to a port in the 1024-65535 range. It just seams like a waste of a firewall to open all ports in that range.
My understanding is that the DCERPC inspection is suppose to work on this protocol. This inspection is turned on in the global policy map and set for default.
service-policy global_policy global
Is there anything special I need to get this going? Do I really need to open all tcp ports between 1024-65535?