We have enabled inspection of RPC on TCP Port 135, to inspect the MS RPC response and dynamically open the ports.
We have created a DCERPC Map with te following settings:
Pinhole Timeout : 00:15:00
Endpoint-mapper service lookup: enabled
Endpoint-mapper service lookup timeout: 00:10:10
We can succesfully connect throught the firewall on 135 , but it blocks any dynamic high ports which follow..
Any thought on this?