Example: Creating A Custom Ms-Rpc Service - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
For Program Low, enter 100227.
For Program High, enter 100227.
Click OK again to save the new service object.

Example: Creating a Custom MS-RPC Service

In this example, you create a service object called my-ex-info-store that includes the
UUIDs for the MS Exchange Info Store service. Because MS-RPC services use dynamically
negotiated ports, you cannot use regular service objects based on fixed TCP/UDP ports
to permit them in a security policy. Instead, you must create MS-RPC service objects using
UUIDs. The MS Exchange Info Store service, for example, uses the following four UUIDs:
0e4a0156-dd5d-11d2-8c2f-00c04fb6bcde
1453c42c-0fa6-11d2-a910-00c04f990f3b
10f24e8e-0fa6-11d2-a910-00c04f990f3b
1544f5e0-613c-11d1-93df-00c04fd7bd09
The corresponding TCP/UDP ports are dynamic. To permit them, you create an
ms-exchange-info-store service object that contains these four UUIDs. The ALG maps
the program numbers into dynamically negotiated TCP/UDP ports based on these four
UUIDs, and permits or denies the service based on a rule you configure.
To create the MS-RPC service:
1. In the main navigation tree, select Object Manager > Service Objects > Custom
   Service Objects.
2. In the main display area, click the Add icon and select Service. The New Service
   dialog box appears.
3. Configure the following:
   a. For Name, enter my-ex-info-store.
   b. For Timeout, select Default.
   c. For Color, select blue.
   d. Enter a comment, if desired.
4. Select the MS-RPC tab. Configure a service entry for each of the following UUIDs:
   0e4a0156-dd5d-11d2-8c2f-00c04fb6bcde
   1453c42c-0fa6-11d2-a910-00c04f990f3b
   10f24e8e-0fa6-11d2-a910-00c04f990f3b
   1544f5e0-613c-11d1-93df-00c04fd7bd09
5. Click OK to save the new service object.
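The following Python sketch shows what matching on a UUID means on the wire: it reads the interface UUIDs out of a DCE/RPC bind request and checks them against the four UUIDs configured above. It is an added illustration, not Juniper code and not a description of how the ALG is implemented; the function names and the sample PDU are constructed for this example.

```python
import struct
import uuid

# The four MS Exchange Info Store interface UUIDs listed on this page.
INFO_STORE = {uuid.UUID(u) for u in (
    "0e4a0156-dd5d-11d2-8c2f-00c04fb6bcde",
    "1453c42c-0fa6-11d2-a910-00c04f990f3b",
    "10f24e8e-0fa6-11d2-a910-00c04f990f3b",
    "1544f5e0-613c-11d1-93df-00c04fd7bd09",
)}
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax

def bind_interfaces(pdu: bytes) -> list:
    """Return the interface UUIDs requested by a DCE/RPC bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != 11:   # version 5, ptype 11 = bind
        raise ValueError("not a DCE/RPC bind PDU")
    little = (pdu[4] >> 4) == 1         # drep: integer byte order of the sender
    frag_len = struct.unpack_from("<H" if little else ">H", pdu, 8)[0]
    if frag_len > len(pdu):
        raise ValueError("truncated PDU")
    found, off = [], 28                 # 16-byte header, 8 bind bytes, 4-byte list header
    for _ in range(pdu[24]):            # n_context_elem
        if off + 24 > frag_len:
            raise ValueError("truncated context element")
        raw = pdu[off + 4:off + 20]     # abstract syntax UUID, after id and counts
        found.append(uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw))
        off += 24 + 20 * pdu[off + 2]   # skip version and n_transfer_syn syntaxes
    return found

def permitted(pdu: bytes) -> bool:
    """Permit only binds whose every requested interface is on the allowlist."""
    try:
        wanted = bind_interfaces(pdu)
    except ValueError:
        return False                    # malformed or non-bind traffic is denied
    return bool(wanted) and all(u in INFO_STORE for u in wanted)

def sample_bind(if_uuid: str) -> bytes:
    """Constructed little-endian bind PDU with one context element (test input)."""
    ctx = struct.pack("<HBB", 0, 1, 0) + uuid.UUID(if_uuid).bytes_le + struct.pack("<I", 0)
    ctx += NDR.bytes_le + struct.pack("<I", 2)
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<BBH", 1, 0, 0) + ctx
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 11, 3, b"\x10\x00\x00\x00", 16 + len(body), 0, 1)
    return hdr + body
```

Note that the UUID is carried with its first three fields in the sender's byte order, so a byte-for-byte comparison against the textual form fails unless the data representation field is honored.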
Copyright © 2010, Juniper Networks, Inc.
