what is standard port of ms-dtc app-id?

cancel
Showing results for 
Search instead for 
Did you mean: 

what is standard port of ms-dtc app-id?

Not applicable

Hello.

I checked that ms-dtc standard port is tcp 139 on applipedia. I created couple of security rule for ms-dtc app-id and one was applied application-default at service column and other was applied specific service port tcp-49210, tcp-49217, tcp-49291.

Unfortunately PAN warned shadowing rule for above security rules.

I believe that ms-dtc app-id has not only tcp-139 and have a any other or more ports applied.

Please let me know what is standard port of ms-dtc app-id.

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

By the way, shadowing rule sounds odd when you use appid's.

Are you sure that none of the above dependencies isnt already used in the other rules?

In PANOS 5.0 PAN did some work regarding dependencies so one doesnt (in many cases) have to manually add all dependencies needed which gives that your previous workaround of manually added appid's (dependencies) can now be removed if you use 5.0 or newer.

View solution in original post

3 REPLIES 3

L6 Presenter

ms-dtc use tcp/135 as standard port according to applipedia Application Research Center

However its dependent on msrpc, netbios-ss, ms-ds-smb which use:

msrpc

Standard Ports: tcp/dynamic, udp/dynamic

Depends on: ms-ds-smb, netbios-ss

netbios-ss

Standard Ports: tcp/139

ms-ds-smb

Standard Ports: tcp/445,139, udp/445

Depends on: netbios-dg, netbios-ss

netbios-dg

Standard Ports: udp/138

so I guess its not the ms-dtc itself that creates the shadowed rule but the dependency towards msrpc...

By the way, shadowing rule sounds odd when you use appid's.

Are you sure that none of the above dependencies isnt already used in the other rules?

In PANOS 5.0 PAN did some work regarding dependencies so one doesnt (in many cases) have to manually add all dependencies needed which gives that your previous workaround of manually added appid's (dependencies) can now be removed if you use 5.0 or newer.

View solution in original post

Thanks.

PANOS 5.0.x is installed on my device that makes warn shadowing rule caused you mentioned. It's a cool enhanced app-id!!!. Many Thanks.

Application Dependency Enhancement – For some protocols, you can allow an application in security policy without

explicitly allowing its underlying protocol. This support is available if the application can be identified within a predetermined point in the session, and has a dependency on any of the following applications: HTTP, SSL, MSRPC, RPC,

t.120, RTSP, RTMP, and NETBIOS-SS. Custom applications based on HTTP, SSL, MS-RPC, or RTSP can also be

allowed in security policy without explicitly allowing the underlying protocol. For example, if you want to allow Java

software updates, which use HTTP (web-browsing), you no longer have to allow web-browsing. This feature will reduce

the overall number of rules needed to manage policies.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!