Archive > 20.1 Legacy Series

Dynamic port mapper for WMI/DCOM traffic

(1/1)

coppersphinx:
Hi All,

For a project am I using a set of OPNsense firewalls.
Now do we like to limit the high port range of MS-RPC/DCOM traffic.
This traffic is doing a handshake on TCP/135 and then uses a high port between 49152 - 65535.

For the OPNsense firewall are we looking to open dynamically the ports and close then when the session is over. Unfortuanly we cannot find this function.

In a FortiGate firewall this is called: DCE-RPC session helper
And in a Cisco ASA: DCE/RPC inspection

Does anybody know if this function is possible in a OPNsense firewall?

Thanks for possible input/answers

Purneau:
@coppersphinx
Any luck figuring this out?

Navigation

[0] Message Index