If you’ve worked with RPC issues on the ISA or TMG firewall in the past, you know that RPC depends on dynamic port assignments, so that you need to consider what the range of ports is going to be used for RPC communications. While this isn’t a problem on the intranet, sometime you want to allow RPC through firewalls and want to limit the number of ports available through the firewall. Sometimes this is a good idea, and sometimes it’s not.
It’s definitely not a good idea when you’re trying to do this on the TMG firewall itself!
To find out why, check out Ben Ari’s blog post on this subject:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)