topic what is standard port of ms-dtc app-id? in General Topics

what is standard port of ms-dtc app-id?

Roh1 — Wed, 03 Apr 2013 07:14:07 GMT

Hello.

I checked that ms-dtc standard port is tcp 139 on applipedia. I created couple of security rule for ms-dtc app-id and one was applied application-default at service column and other was applied specific service port tcp-49210, tcp-49217, tcp-49291.

Unfortunately PAN warned shadowing rule for above security rules.

I believe that ms-dtc app-id has not only tcp-139 and have a any other or more ports applied.

Please let me know what is standard port of ms-dtc app-id.

Thanks.

Re: what is standard port of ms-dtc app-id?

mikand — Wed, 03 Apr 2013 07:43:34 GMT

ms-dtc use tcp/135 as standard port according to applipedia Application Research Center

However its dependent on msrpc, netbios-ss, ms-ds-smb which use:

msrpc

Standard Ports: tcp/dynamic, udp/dynamic

Depends on: ms-ds-smb, netbios-ss

netbios-ss

Standard Ports: tcp/139

ms-ds-smb

Standard Ports: tcp/445,139, udp/445

Depends on: netbios-dg, netbios-ss

netbios-dg

Standard Ports: udp/138

so I guess its not the ms-dtc itself that creates the shadowed rule but the dependency towards msrpc...

Re: what is standard port of ms-dtc app-id?

mikand — Wed, 03 Apr 2013 07:58:52 GMT

By the way, shadowing rule sounds odd when you use appid's.

Are you sure that none of the above dependencies isnt already used in the other rules?

In PANOS 5.0 PAN did some work regarding dependencies so one doesnt (in many cases) have to manually add all dependencies needed which gives that your previous workaround of manually added appid's (dependencies) can now be removed if you use 5.0 or newer.

Re: what is standard port of ms-dtc app-id?

Roh1 — Wed, 03 Apr 2013 08:19:18 GMT

Thanks.

PANOS 5.0.x is installed on my device that makes warn shadowing rule caused you mentioned. It's a cool enhanced app-id!!!. Many Thanks.

Application Dependency Enhancement – For some protocols, you can allow an application in security policy without

explicitly allowing its underlying protocol. This support is available if the application can be identified within a predetermined point in the session, and has a dependency on any of the following applications: HTTP, SSL, MSRPC, RPC,

t.120, RTSP, RTMP, and NETBIOS-SS. Custom applications based on HTTP, SSL, MS-RPC, or RTSP can also be

allowed in security policy without explicitly allowing the underlying protocol. For example, if you want to allow Java

software updates, which use HTTP (web-browsing), you no longer have to allow web-browsing. This feature will reduce

the overall number of rules needed to manage policies.