17-27
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring DCE/RPC Maps
Use the Add or Edit DCE/RPC Map dialog boxes to define a map for DCE/RPC inspection. A DCE/RPC inspection policy map lets you change the default configuration values used for DCE/RPC inspection.

DCE/RPC is a protocol widely used by Microsoft distributed client and server applications that allows software clients to execute programs on a server remotely. This typically involves a client querying a server called the Endpoint Mapper (EPM), which listens on a well-known port number, for the dynamically allocated network information of a required service. The client then sets up a secondary connection to the server instance providing the service. The security appliance allows the appropriate port number and network address, and also applies NAT if needed, for the secondary connection.

DCE/RPC inspection maps inspect native TCP communication between the EPM and the client on well-known TCP port 135. Map and lookup operations of the EPM are supported for clients. Client and server can be located in any security zone. The embedded server IP address and port number are taken from the applicable EPM response messages. Because a client may attempt multiple connections to the server port returned by the EPM, multiple uses of a pinhole are allowed, and the pinholes have user-configurable timeouts.
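The following is an added illustration, not code from Cisco Security Manager or the security appliance: a small Python model of the bookkeeping that the description above attributes to DCE/RPC inspection. It watches the client's EPM exchange on TCP port 135, records the server address and dynamically assigned port carried in the EPM response, opens a pinhole for the secondary connection, lets that pinhole be used more than once, and expires it after a configurable timeout. Addresses, ports and the `DcerpcInspector` class are constructed for the example; the real EPM response encoding is not parsed here, the embedded address and port are passed in directly.

```python
"""Toy model of DCE/RPC endpoint-mapper (EPM) inspection.

Constructed example (not Cisco code): it mimics the pinhole handling the
guide describes. The EPM response format itself is not parsed; the server
address and service port it would carry are supplied by the caller.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

EPM_PORT = 135  # well-known endpoint mapper port inspected by the appliance


@dataclass
class Pinhole:
    server: str
    port: int
    expires_at: float  # absolute time (seconds) after which the hole is closed
    uses: int = 0      # how many secondary connections have used this hole


@dataclass
class DcerpcInspector:
    # "user configurable timeouts" on the page; a constructed default value
    pinhole_timeout: float = 120.0
    pinholes: Dict[Tuple[str, str, int], Pinhole] = field(default_factory=dict)

    def on_epm_response(self, client: str, server: str, service_port: int, now: float) -> None:
        """Record the server address and port embedded in an EPM map/lookup
        response and open a pinhole for the client's secondary connection."""
        key = (client, server, service_port)
        self.pinholes[key] = Pinhole(server, service_port, now + self.pinhole_timeout)

    def allow_connection(self, client: str, server: str, dst_port: int, now: float) -> bool:
        """Decide whether a new TCP connection from client to server:dst_port
        is permitted. EPM traffic on port 135 is always passed to inspection;
        any other port must match an unexpired pinhole learned from an EPM
        response. A pinhole may be used repeatedly until it times out."""
        if dst_port == EPM_PORT:
            return True
        self._expire(now)
        hole = self.pinholes.get((client, server, dst_port))
        if hole is None:
            return False          # port was never announced by the EPM
        hole.uses += 1            # multiple uses of one pinhole are allowed
        return True

    def _expire(self, now: float) -> None:
        """Drop pinholes whose timeout has elapsed."""
        stale = [k for k, h in self.pinholes.items() if h.expires_at <= now]
        for k in stale:
            del self.pinholes[k]


def demo() -> List[Tuple[str, bool]]:
    """Walk through the exchange described in the guide with constructed
    addresses (RFC 5737 documentation ranges) and a constructed service port."""
    insp = DcerpcInspector(pinhole_timeout=60.0)
    client, server = "192.0.2.10", "203.0.113.5"
    decisions = []
    # 1. client queries the EPM on the well-known port
    decisions.append(("epm-query", insp.allow_connection(client, server, EPM_PORT, now=0.0)))
    # 2. EPM response announces the dynamically allocated port of the service
    insp.on_epm_response(client, server, service_port=49155, now=1.0)
    # 3. secondary connection to that port is allowed, and may be repeated
    decisions.append(("service-1", insp.allow_connection(client, server, 49155, now=2.0)))
    decisions.append(("service-2", insp.allow_connection(client, server, 49155, now=3.0)))
    # 4. a port the EPM never announced stays closed
    decisions.append(("unannounced", insp.allow_connection(client, server, 49156, now=3.0)))
    # 5. after the pinhole timeout the learned port is closed again
    decisions.append(("after-timeout", insp.allow_connection(client, server, 49155, now=100.0)))
    return decisions


if __name__ == "__main__":
    for label, allowed in demo():
        print(f"{label:14s} {'allow' if allowed else 'deny'}")
```

The model deliberately keys pinholes on the client, the server and the announced port, so a connection to any other port on the same server is denied even while a pinhole is open; that is the property that makes inspection narrower than simply permitting the whole dynamic port range.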
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > DCE/RPC from the Object Type selector. Right-click inside the work area, then select New Object, or right-click a row and select Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Table 17-11 Add or Edit Class Maps Dialog Boxes for Inspection Rules (Continued)

Element: Match table; Match Type
Description: The Match table lists the criteria included in the class map. Each row indicates whether the inspection is looking for traffic that matches or does not match each criterion, and the criterion and value that is inspected.
To add a criterion, click the Add button and fill in the Match Criterion dialog box. For more information, see the topics referenced above.
To edit a criterion, select it and click the Edit button.
To delete a criterion, select it and click the Delete button.

Element: Category
Description: The category assigned to the object. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12.

Element: Allow Value Override per Device; Overrides; Edit button
Description: Whether to allow the object definition to be changed at the device level. For more information, see Allowing a Policy Object to Be Overridden, page 6-18, and Understanding Policy Object Overrides for Individual Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create, edit, and view the overrides. The Overrides field indicates the number of devices that have overrides for this object.