CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Services
Reload this Page How does FireWall-1 support RPC?
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2005-08-13
BarryStiefel BarryStiefel is offline
Administrator
  
Join Date: 2005-08-11
Location: San Francisco, CA
Posts: 534
Rep Power: 10
BarryStiefel has disabled reputation
Default How does FireWall-1 support RPC?
How does FireWall-1 support RPC?



The following applies to Unix-type RPC services.

Background Information Each RPC-based service has a unique program number (within each service, a version number). When an RPC-based program starts, it will use a random TCP and/or UDP port number. The portmapper is used to map each program number to a particular port used by the RPC-based program at that moment. The connection to the portmapper process must be UDP for FireWall-1 to support it.

How FireWall-1 handles RPC

FireWall-1 supports RPC by monitoring the client RPC request to the portmapper. Then the portmapper replies with the port number. FireWall-1 temporarily opens up that port number for the connection from the client to the server. Once the connection is over, FireWall-1 will close up the port.

Note that if your application requires RPC over TCP (i.e. the connection between client and server is TCP-based), there are two possible solutions:

3.0 firewalls: Modify $FWDIR/lib/fwui_head.def on the management console so that it contains the line: #define RPC_OVER_TCP

4.0 and later firewalls, modify $FWDIR/conf/objects.C on the management console so the property enable_tcprpc is true. For more on editing objects.C, see How do I edit objects.C or objects_5_0.C?

In term of custom application, 99% of the time, you can simply define your custom application as a new service using the following parameters:
  • type of connection: TCP, UDP, RPC ...
  • port number (for TPC, UDP)
  • or program number for RPC

Once you have done that you can use the newly-define service as any other network services: For example, using the following rule

Source Destination Service Action rpc_client rpp_server my_rpc_service Accept

to allow connection from rpc_client to rpc_service using my_rpc_service.

If you cannot define your custom application using the above parameters, you will have to write custom code to handle your custom application, for these situation please contact your support provider for help.

-- GuyR - 18 Jan 2004

FAQForm FAQs.Class: ServicesFAQs FAQs.OS: FAQs.Version:
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 01:26.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0