Better logging & RPC Traffic
-
A packet capture can't know what was passed or blocked; it only shows packets received on the wire.
The firewall log would show passes/blocks, provided that you have your firewall rules all set to log (including the default deny rule, controlled by the checkbox on the log settings tab).
-
This may help:
http://support.microsoft.com/kb/224196
-
Thanks, but I've read that link before; no help.
The following shows that 135 & "random high TCP ports" are used for cert services. Unfortunately I'm not sure how I'd go about setting them to specific ports.
http://technet.microsoft.com/en-us/library/cc875824.aspx
This:
http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
seems to imply that I can force the ports to certain numbers... I'll try it in a test lab and see if it breaks anything.
I suppose at that point, if I've got it on a specific port range and that range is allowed both LAN side and OpenVPN side on BOTH PFs, then that's PF out of the equation, isn't it?
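For anyone following the same path, here is an added example (not from the poster or from either linked article) of the host-wide method from the KB224196 link: pinning the RPC dynamic endpoint range on the CA server with the HKLM\SOFTWARE\Microsoft\Rpc\Internet registry values, then reading back the listeners after the reboot so you know exactly which ports the pfSense rules on both sides need to allow alongside TCP 135. The 5000-5100 range is an assumption chosen for illustration; the per-application static endpoint for "CertSrv Request" in dcomcnfg described by the wiki article is a separate step and is not shown here.

```powershell
# Added example: constrain the RPC/DCOM dynamic port range on a Windows host
# using the registry values documented in KB224196, so services such as AD CS
# take their "random high TCP ports" from a range a firewall can allow.
# ASSUMPTION: port range 5000-5100 is only for illustration; choose a range
# that fits your environment and does not collide with other listeners.
# Run from an elevated PowerShell session; the RPC runtime reads these values
# at boot, so a reboot is required before they take effect.

$rpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$portRange = '5000-5100'

if (-not (Test-Path $rpcKey)) {
    New-Item -Path $rpcKey -Force | Out-Null
}

# Ports is REG_MULTI_SZ: each entry is a single port or a 'low-high' range.
Set-ItemProperty -Path $rpcKey -Name 'Ports' -Value @($portRange) -Type MultiString
# 'Y' = the listed ports are the ones made available (as opposed to excluded).
Set-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' -Value 'Y' -Type String
# 'Y' = allocate dynamic endpoints from that list instead of the default range.
Set-ItemProperty -Path $rpcKey -Name 'UseInternetPorts' -Value 'Y' -Type String

# Read back what was written before rebooting.
Get-ItemProperty -Path $rpcKey |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts

# After the reboot: list TCP listeners that are either the endpoint mapper (135)
# or inside the pinned range. Anything RPC-related listening outside the range
# means the change did not take, or that the service binds its own fixed port.
$start, $end = $portRange -split '-' | ForEach-Object { [int]$_ }
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -eq 135 -or ($_.LocalPort -ge $start -and $_.LocalPort -le $end) } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort
```

Once the listeners are confirmed, the pfSense rules on the LAN and OpenVPN interfaces only need TCP 135 plus that range towards the CA, and, if the rules are set to log, a block on anything else will show up in the firewall log rather than being invisible in a packet capture.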
-
Yes, it would appear to be the case.
-
As an update:
I THINK I've resolved this... it wasn't pfSense causing this at all, it was TMG.
"Strict RPC compliance" was on. Turn it off and, thus far, it works fine, as well as fixing a few other minor issues which I assume use RPC or DCOM.
I'm still testing, but it'll be hilarious if a protocol that MS products rely on to work is "broken" by an MS product too. :p