20.1 Legacy Series / Dynamic port mapper for WMI/DCOM traffic
« on: October 05, 2020, 08:10:35 pm »
Hi All,
For a project I am using a set of OPNsense firewalls.
Now we would like to limit the high port range of MS-RPC/DCOM traffic.
This traffic is doing a handshake on TCP/135 and then uses a high port between 49152 - 65535.
For the OPNsense firewall we are looking to open the ports dynamically and close them when the session is over. Unfortunately we cannot find this function.
In a FortiGate firewall this is called: DCE-RPC session helper
And in a Cisco ASA: DCE/RPC inspection
Does anybody know if this function is possible in an OPNsense firewall?
Thanks for possible input/answers