SMB share - Right clicking shared folder and selecting folder properties

dmellors — Thu, 07 Mar 2024 14:17:02 GMT

Hi all,

We have observed an issue with an SMB share which traverses our PA FW.

The initial rule was setup simply such that the client was allowed to access the remote SMB share in the firewall rule base by use of the inbuilt ms-ds-smb application container.

Client was able to browse to the folder fine and upload/download files fine with no issues.

However upon the client right clicking on the mapped remote shared folder and running the properties command, there is a lengthy delay (over 30 seconds) before the properties dialogue box pops up for the user. The same behaviour for the user when accessing remote over VPN and bypassing the PA FW is not present, the response is immediate.

When we looked at the PA FW logs between the client and the SMB share we could see there was a deny on TCP 445 but for the active-directory-base App ID. We added this into the rule (and its various dependencies (kerberos, ms-netlogon, netbios-dg, netbios-ns, netbios-ss)) and requested the client retest.

The issue was still present at this point for the client. The active-directory-base deny log however no longer appeared but instead we were now seeing a deny of the msrpc App ID (again on TCP 445) . When this was also added in the issue was fixed and the client was able to get an immediate response back when running the properties command on the shared folder.

My query then is why are these additional App ID's required. It seems the additional App ID's we had to add in should be inherited by simply using the ms-ds-smb App ID container. I get the granularity argument but its not intuitive at all and seems over kill to have to troubleshoot and add in the above to just get a right click/properties function to work on an SMB share/folder.

Thanks for reading through and for any feedback provided.

Re: SMB share - Right clicking shared folder and selecting folder properties

OtakarKlier — Thu, 07 Mar 2024 21:57:57 GMT

Hello,

Check out this article. Might help.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpfCAC

Regards,

Re: SMB share - Right clicking shared folder and selecting folder properties

dmellors — Fri, 08 Mar 2024 08:42:42 GMT

Thanks that's useful should we run into slow throughput on the SMB share.

The query above was more around having to also specify additional App ID's in the rule to get the right click menu properties to work correctly for the user on the shared folder.

Thanks for your response.

topic Re: SMB share - Right clicking shared folder and selecting folder properties in Next-Generation Firewall Discussions

SMB share - Right clicking shared folder and selecting folder properties

Re: SMB share - Right clicking shared folder and selecting folder properties

Re: SMB share - Right clicking shared folder and selecting folder properties