Every single project…. every single firewall guy, and every single requirement list that I had to dig into…
Windows Management Traffic leverages the same ports as RPC traffic (TCP 135 for initial connection, and after that a random port within a defined port-range), however it does not adhere to the RPC specification and will therefore not be correctly identified by any firewall (yes, any firewall) as RPC traffic. Most firewalls tries to dynamically identify the specific port for the session within the dynamic range, however this requires that lots of things are RPC and not MSRPC.
Cisco wrote it pretty clearly;
As Microsoft switched from using pure RPC to use DCOM (ORPC) calls, those non-epm calls will be used more and more. Windows RPC/DCOM services use the RPC Endpoint Mapper to accept initial communications on port 135 and then dynamically transition to ports for the service.
Just open all the high-ports.
Testing RPC ports with PowerShell (and yes, it’s as much fun as it sounds)
Wireshark-article if you ever need to troubleshoot