Microsoft Remote Procedure Call (MS RPC) is the Microsoft implementation of the Distributed Computing Environment (DCE) RPC. Like Sun RPC (see Sun RPC ALG), MS RPC provides a way for a program running on one host to call procedures in a program running on another host. Because of the large number of RPC services and the need to broadcast, the transport address of an RPC service is dynamically negotiated based on the service program's Universal Unique Identifier (UUID). Each UUID is mapped to a transport address at run time.
J-series devices running JUNOS software support MS RPC as a predefined service and permit or deny traffic based on a policy you configure. The ALG handles the dynamic transport address negotiation mechanism of MS RPC on J-series Services devices and enforces UUID-based security policy. You can define a security policy to permit or deny all RPC requests, or to permit or deny requests by specific UUID. The ALG also supports route and NAT mode for incoming and outgoing requests.
The corresponding TCP/UDP ports are dynamic. To permit them, you use a set applications application application-name term term-name uuid hex-number statement for each UUID. The ALG maps the program numbers to the dynamically negotiated TCP/UDP ports based on these UUIDs and permits or denies the service based on a policy you configure.
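The statements below, added here as an illustration and not taken from the page or from Juniper's documentation, show the two pieces the preceding paragraph describes: a custom application with one UUID term, and a security policy that permits only that application together with the predefined junos-ms-rpc-portmap application from Table 87 (the endpoint-mapper exchange through which the port is negotiated). The application name my-ms-rpc-app, the term name t1, the zone names, the policy name and the all-zero UUID are placeholders; substitute the UUID of the service you actually need to permit. No destination port appears on the term because the ALG learns the port from the negotiation. Lines starting with # are explanatory and are not CLI input.

```junos
# Added example: permit one MS RPC service by UUID instead of all RPC.
# my-ms-rpc-app, t1, trust, untrust, permit-my-rpc and the UUID value
# are placeholders, not identifiers from the page.
set applications application my-ms-rpc-app term t1 protocol tcp
set applications application my-ms-rpc-app term t1 uuid 00000000-0000-0000-0000-000000000000

# The endpoint mapper must be reachable for the dynamic port to be negotiated;
# junos-ms-rpc-portmap is the predefined application listed in Table 87.
set security policies from-zone trust to-zone untrust policy permit-my-rpc match source-address any
set security policies from-zone trust to-zone untrust policy permit-my-rpc match destination-address any
set security policies from-zone trust to-zone untrust policy permit-my-rpc match application junos-ms-rpc-portmap
set security policies from-zone trust to-zone untrust policy permit-my-rpc match application my-ms-rpc-app
set security policies from-zone trust to-zone untrust policy permit-my-rpc then permit
```

Because the policy names a specific UUID rather than a permit-all RPC application, a request for any other RPC interface is rejected by the ALG even though it arrives on a port the endpoint mapper negotiated.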
Table 87 lists predefined Microsoft services, parameters associated with each service, and a brief description of each service. Parameters include Universal Unique Identifiers (UUIDs) and TCP/UDP source and destination ports. A UUID is a 128-bit unique number generated from a hardware address, a timestamp, and seed values.
Table 87: Predefined Microsoft RPC Services
Service
junos-ms-rpc-portmap-tcp
junos-ms-rpc-portmap
junos-ms-rpc-portmap-udp