FWSM blocks RPC traffic

Unanswered Question
Feb 27th, 2012
User Badges:

Hello


I have a customer who has Microsoft SMS running on Windows 2008 server and agent is installed on all clients, server is in DMZ and the clients are in other dmz , other applications are running and using RPS with no problems but the SMS server is new and I found dropped packets by the inspection policy for the inspected SMS server as below


fwsm# sho service-policy

Global policy:

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: dns maximum-length 512, packet 358660, drop 0, reset-drop 0

      Inspect: ftp, packet 1873, drop 0, reset-drop 0

      Inspect: h323 h225, packet 0, drop 0, reset-drop 0

      Inspect: h323 ras, packet 0, drop 0, reset-drop 0

      Inspect: netbios, packet 224450, drop 0, reset-drop 0

      Inspect: rsh, packet 0, drop 0, reset-drop 0

      Inspect: sip, packet 0, drop 0, reset-drop 0

      Inspect: skinny, packet 0, drop 0, reset-drop 0

      Inspect: sqlnet, packet 1265466, drop 0, reset-drop 0

      Inspect: sunrpc, packet 68218, drop 0, reset-drop 0

      Inspect: tftp, packet 0, drop 0, reset-drop 0

      Inspect: xdmcp, packet 72, drop 0, reset-drop 0

      Inspect: dcerpc, packet 100362, drop 18, reset-drop 0




Also the output of " debug dcerpc events" gives this error "DCERPC-ERR: Corrupted packet, incorrect scm reply header"


Removing the DCREPC inspection interupts other application .


the FWSM version is 4.1(7) .


ANY IDEA ?







  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion