SMB share - Right clicking shared folder and selecting folder properties


L0 Member

Hi all,

We have observed an issue with an SMB share which traverses our PA FW.

The initial rule was set up simply such that the client was allowed to access the remote SMB share in the firewall rule base by use of the inbuilt ms-ds-smb application container.

Client was able to browse to the folder fine and upload/download files fine with no issues.

However, upon the client right clicking on the mapped remote shared folder and running the properties command, there is a lengthy delay (over 30 seconds) before the properties dialogue box pops up for the user. The same behaviour for the user when accessing remote over VPN and bypassing the PA FW is not present; the response is immediate.

When we looked at the PA FW logs between the client and the SMB share we could see there was a deny on TCP 445 but for the active-directory-base App ID. We added this into the rule (and its various dependencies (kerberos, ms-netlogon, netbios-dg, netbios-ns, netbios-ss)) and requested the client retest.

The issue was still present at this point for the client. The active-directory-base deny log however no longer appeared but instead we were now seeing a deny of the msrpc App ID (again on TCP 445). When this was also added in, the issue was fixed and the client was able to get an immediate response back when running the properties command on the shared folder.

My query then is why are these additional App IDs required? It seems the additional App IDs we had to add in should be inherited by simply using the ms-ds-smb App ID container. I get the granularity argument but it's not intuitive at all and seems overkill to have to troubleshoot and add in the above to just get a right click/properties function to work on an SMB share/folder.

Thanks for reading through and for any feedback provided.
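
The log review described in the post above can be scripted. This is an added example, not part of the original thread: it reads an exported traffic log and lists the App-IDs still being blocked for one client/share flow on TCP 445. The column names, addresses, rule names and sample rows are constructed assumptions; map them to the fields of your own export.

```python
import csv
import io
from collections import Counter

# Assumed column layout; rename to match your own log export.
HEADER = "receive_time,src,dst,dport,app,action,rule\n"

# Constructed rows: first test, rule allows only ms-ds-smb.
FIRST_TEST = HEADER + """\
2024-01-01 10:00:01,10.1.1.50,10.2.2.20,445,ms-ds-smb,allow,smb-share
2024-01-01 10:00:05,10.1.1.50,10.2.2.20,445,active-directory-base,deny,interzone-default
2024-01-01 10:00:09,10.1.1.50,10.2.2.20,445,active-directory-base,deny,interzone-default
"""

# Constructed rows: retest after active-directory-base and its dependencies were added.
RETEST = HEADER + """\
2024-01-01 11:00:01,10.1.1.50,10.2.2.20,445,ms-ds-smb,allow,smb-share
2024-01-01 11:00:04,10.1.1.50,10.2.2.20,445,active-directory-base,allow,smb-share
2024-01-01 11:00:06,10.1.1.50,10.2.2.20,445,msrpc,deny,interzone-default
2024-01-01 11:00:07,10.1.1.77,10.2.2.20,445,msrpc,deny,interzone-default
"""


def denied_app_ids(log_text, client, server, port, allowed_apps):
    """Return {app_id: hits} for blocked sessions on one flow that the rule does not allow yet."""
    blocked = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if (row["src"], row["dst"], row["dport"]) != (client, server, str(port)):
            continue  # a different client, server or port
        if row["action"] == "allow":
            continue  # only blocked sessions matter here
        if row["app"] not in allowed_apps:
            blocked[row["app"]] += 1
    return dict(blocked)


if __name__ == "__main__":
    rule_apps = {"ms-ds-smb"}
    print(denied_app_ids(FIRST_TEST, "10.1.1.50", "10.2.2.20", 445, rule_apps))
    # App-IDs the poster added after the first test
    rule_apps |= {"active-directory-base", "kerberos", "ms-netlogon",
                  "netbios-dg", "netbios-ns", "netbios-ss"}
    print(denied_app_ids(RETEST, "10.1.1.50", "10.2.2.20", 445, rule_apps))
```

As in the post, the second blocked App-ID only shows up after the first one is allowed, so the check has to be repeated after each rule change until it returns nothing.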

2 REPLIES 2

Cyber Elite

Hello,

Check out this article. Might help.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpfCAC

Regards,

L0 Member

Thanks, that's useful should we run into slow throughput on the SMB share.

The query above was more around having to also specify additional App IDs in the rule to get the right click menu properties to work correctly for the user on the shared folder.

Thanks for your response.

 
