ScreenOS Firewalls (NOT SRX)
Reply
Trusted Contributor
Nemanja
Posts: 23
Registered: ‎03-17-2009
0

Re: Application using DCOM

Hi Ante,

 

Do you know which packet (source IP, destination IP, source port, destination port) is dropped?

 

 From the debug I can see that both addresses 172.25.120.100 and 192.168.30.58 act as MSRPC servers since they both have communication from port 135. 

 

Traffic from  172.25.120.100 as a client to  192.168.30.58 as a server seems to pass OK as there are no dropps in the debugs.

 

The problem with this debug is that it does not catch traffic from  192.168.30.58 to 172.25.120.100 since 192.168.30.58 is behind a VPN.  To catch also this communication flow filter needs to be extended it include all VPN communication. As it is not good to have all this info in a public forum maybe you can send me a PM or even better open a JTAC case.

 

But first please let me know which traffic is dropped?

 

Thanks,

Nemanja

 

Visitor
Ante
Posts: 6
Registered: ‎08-17-2009
0

Re: Application using DCOM

Hi,

 

The traffic that is blocked comes from 192.168.30.58, and the source ports are different each time I start the application.

Every time I run the application it tries to open three different ports, but it´s not the same three ports every time.

The destination port is different every time I run the application, but it´s always just one destination port every time the application is run.

Don´t know if this was a good explanation so to sum it up: every time the application is run there is three different source ports blocked and they all have the same destination port. The ports are all TCP.

JTAC case is opened.

 

Thanks

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.