Which Firewalls Can Filter RPC UUIDs?

Aside from Microsoft's ISA Server 2004, which commercial firewalls can actively filter RPC responses from a Windows 200x server to present only a subset of all supported services (i.e., UUIDs)? My specific requirements are:

- All clients are on separate networks from the RPC server, separated by a firewall.

- All requests between the networks are routed (i.e., no NAT)

- When a client requests RPC to list all services on the server, the firewall will *not* show the true list of RPC services available, but will instead proxy a reduced list of services.

- The firewall is able to maintain context of a RPC session, so that requests for secondary connections to the actual RPC service on its UUID port will not be allowed unless it is in connection with a valid RPC request.

- RPC requests are inspected to make sure they are properly formed (i.e., no random data being sent to port 135).

- Preferably, some entry-level version of the product costs less than $1000. (I still want to hear about products that cost more though.)

I've been working with ISA Server 2004, and while I like it in general as an internal proxy server/firewall, I am having a miserable time working with its custom RPC support. It claims to do all of the above, but I'm finding that the RPC support is buggy, poorly documented, and only appears to work correctly if you use NAT. Since the server I'm trying to protect here is an Active Directory server, I'm not anxious to have every member computer in our domain attach to such a critical machine using an NAT address. That makes it incredibly problematic to switch out the firewall if other problems with it develop.

Reply to
Loading thread data ...

Windows uses DCE RPC. Every firewalling system, which can filter DCE RPC, can do this.

Yours, VB.

Reply to
Volker Birk

I'm not talking about opening port 135. I'm talking about inspecting its content and making decisions about which secondary connections to accept, and which UUID services to present to the client.

Reply to


CheckPoint FW-1 can do this stuff.

Looking at Check Point NG/AI book, on page 186, you can select which UUID can be filtered. You can also use 0 for the UUID and log everything on RPC connection and find out which UUID are used and filter each UUID as your needs.from...

But the price may be high for you environment.

The best suggestion I can give is to use what you know.

URL for the Book:

formatting link

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.