I am running a discovery tool against a system that has the Checkpoint SecuRemote VPN client installed. This client has policies that I assume are pushed down to it from a master server.
When i run our discovery against this system, the first couple of packets to port 135 will be accepted. After that, it will drop any other packets.
From research, I've determined that some higher inspection is being done and that the firewall is dropping the packet because the specific DCE RPC service is not recognized by the firewall.
Our discovery is simply WMI based - for example - using wbemtest to test from system-a to system-b (system b running the vpn client). We can overcome this by un-checking the related protocol from the NIC, but obviously this is not what we want full time.
Thank in advance,
Errol Neal
When i run our discovery against this system, the first couple of packets to port 135 will be accepted. After that, it will drop any other packets.
From research, I've determined that some higher inspection is being done and that the firewall is dropping the packet because the specific DCE RPC service is not recognized by the firewall.
Our discovery is simply WMI based - for example - using wbemtest to test from system-a to system-b (system b running the vpn client). We can overcome this by un-checking the related protocol from the NIC, but obviously this is not what we want full time.
Thank in advance,
Errol Neal