Which Firewalls Can Filter RPC UUIDs?
From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 11/26/05
Date: Sat, 26 Nov 2005 12:02:23 -0800
Aside from Microsoft's ISA Server 2004, which commercial firewalls can
actively filter RPC responses from a Windows 200x server to present only a
subset of all supported services (i.e., UUIDs)? My specific requirements
are:
- All clients are on separate networks from the RPC server, separated by a
firewall.
- All requests between the networks are routed (i.e., no NAT).
- When a client requests RPC to list all services on the server, the
firewall will *not* show the true list of RPC services available, but will
instead proxy a reduced list of services.
- The firewall is able to maintain context of an RPC session, so that
requests for secondary connections to the actual RPC service on its UUID
port will not be allowed unless it is in connection with a valid RPC
request.
- RPC requests are inspected to make sure they are properly formed (i.e., no
random data being sent to port 135).
- Preferably, some entry-level version of the product costs less than $1000.
(I still want to hear about products that cost more though.)
I've been working with ISA Server 2004, and while I like it in general as an
internal proxy server/firewall, I am having a miserable time working with
its custom RPC support. It claims to do all of the above, but I'm finding
that the RPC support is buggy, poorly documented, and only appears to work
correctly if you use NAT. Since the server I'm trying to protect here is
an Active Directory server, I'm not anxious to have every member computer in
our domain attach to such a critical machine using an NAT address. That
makes it incredibly problematic to switch out the firewall if other problems
with it develop.
-- Will
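
An added illustration, not part of the original post and not code from any firewall product: a sketch of the per-packet check behind two of the requirements above, rejecting malformed data on port 135 and permitting a DCE/RPC bind only when every interface UUID it offers is on an allowlist. The function names, the `ALLOWED` policy and the `OTHER` UUID are assumptions made for the example; only little-endian bind PDUs are handled, and rewriting endpoint mapper responses or tracking secondary connections is out of scope.

```python
import struct
import uuid

EPM = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")  # endpoint mapper interface
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
OTHER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed, not a real service
ALLOWED = {EPM}  # assumption: the policy exposes only this interface
PTYPE_BIND = 11

def bind_interfaces(pdu: bytes) -> list:
    """Return interface UUIDs offered in a bind PDU; raise ValueError if malformed."""
    if len(pdu) < 28:
        raise ValueError("too short for a bind PDU")
    ver, minor, ptype, _flags, drep, frag_len, auth_len, _call_id = \
        struct.unpack_from("<BBBB4sHHI", pdu)
    if ver != 5 or minor not in (0, 1) or ptype != PTYPE_BIND:
        raise ValueError("not a connection-oriented v5 bind")
    if drep[0] >> 4 != 1:
        raise ValueError("only little-endian data representation is handled")
    if frag_len != len(pdu) or auth_len > frag_len - 28:
        raise ValueError("length fields disagree with the data received")
    end = frag_len - auth_len - (8 if auth_len else 0)  # skip auth verifier
    n_ctx, off, found = pdu[24], 28, []
    for _ in range(n_ctx):
        if off + 24 > end:
            raise ValueError("truncated context element")
        n_transfer = pdu[off + 2]
        found.append(uuid.UUID(bytes_le=pdu[off + 4:off + 20]))
        off += 24 + 20 * n_transfer
        if off > end:
            raise ValueError("truncated transfer syntax list")
    return found

def verdict(pdu: bytes) -> str:
    """'allow' only for a well-formed bind whose interfaces are all allowlisted."""
    try:
        ifaces = bind_interfaces(pdu)
    except ValueError:
        return "drop"
    return "allow" if ifaces and all(i in ALLOWED for i in ifaces) else "drop"

def make_bind(iface: uuid.UUID, if_version: int = 3) -> bytes:
    """Build a constructed sample bind PDU with one context element."""
    ctx = (struct.pack("<HBx", 0, 1) + iface.bytes_le + struct.pack("<I", if_version)
           + NDR.bytes_le + struct.pack("<I", 2))
    body = struct.pack("<HHIBxxx", 4280, 4280, 0, 1) + ctx
    hdr = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03, b"\x10\x00\x00\x00",
                      16 + len(body), 0, 1)
    return hdr + body
```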