1.5 Prerequisites/Preconditions

This protocol assumes that the firewall and advanced security components have been initialized, are running, and have registered the corresponding RPC interface that is defined in section 2.1. This protocol also assumes that the policy in the host firewall and advanced security components, which resides on the server side, already allows the inbound traffic that the client computer, which is running the management tool, sends to the server during exercise of this protocol.

This protocol requires Security Support Provider Interface (SSPI) security by using packet privacy protection level (RPC_C_PROTECT_LEVEL_PKT_PRIVACY) and GSS negotiate authentication (RPC_C_AUTHN_GSS_NEGOTIATE), which negotiates between Kerberos Protocol Extensions [MS-KILE] and NT LAN Manager (NTLM) Authentication Protocol [MS-NLMP] authentication.