https://live.paloaltonetworks.com/t5/general-topics/app-id-ms-rdp-not-allowed-traffic-being-blocked-as-cotp/m-p/284837#M76353 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/110025">@Jonathan_Panes</a>,</P><P>So first off you should really consider upgrading your firewall; your current build is old and has a number of security vulnerabilities that you'd want patched. Second, your initial thought on Implicit is correct, you don't need to include cotp or t.120 to get this to work correctly.</P><P>&nbsp;</P><P>As to why it's not getting identified correctly, my immediately jump to the following:</P><P>1) What's your content version? I recall ms-rdp being updated recently, so it may be that your signature has gotten too old and the firewall can&nbsp; no longer identify the traffic properly.</P><P>2) Are you utilizing default ports? If you utilize non-standard ports cotp is going to fall under application-default due to it utilizing dynamic ports, md-rdp is only going to get identified properly when operating on 3389.&nbsp;</P><P>&nbsp;</P> Fri, 23 Aug 2019 17:43:31 GMT BPry 2019-08-23T17:43:31Z https://live.paloaltonetworks.com/t5/general-topics/app-id-ms-rdp-not-allowed-traffic-being-blocked-as-cotp/m-p/284766#M76347 <P>Hi All,</P><P>&nbsp;</P><P>Were running 7.1.14.&nbsp;</P><P>Ive created a rule to allowed ms-rdp to the rule. Ive checked first if ms-rdp has any dependencies, there is none. It implicitly uses cotp and t.120.</P><P>&nbsp;</P><P>So from what i understand from the meaning of Implicitly uses, i only need to allow the main application which is ms-rdp and in turn it will allow implicitly cotp and t1.20. When we did our RDP testing the traffic got blocked with a policy-deny with an application of cotp. Ive added cotp to the rule and the connection worked on upon logging at session end its seeing it as ms-rdp.</P><P>&nbsp;</P><P>So im not sure whether my understanding of the "Implicitly uses" is wrong or is there something else im missing out here.</P> Fri, 23 Aug 2019 14:11:23 GMT https://live.paloaltonetworks.com/t5/general-topics/app-id-ms-rdp-not-allowed-traffic-being-blocked-as-cotp/m-p/284766#M76347 Jonathan_Panes 2019-08-23T14:11:23Z https://live.paloaltonetworks.com/t5/general-topics/app-id-ms-rdp-not-allowed-traffic-being-blocked-as-cotp/m-p/284837#M76353 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/110025">@Jonathan_Panes</a>,</P><P>So first off you should really consider upgrading your firewall; your current build is old and has a number of security vulnerabilities that you'd want patched. Second, your initial thought on Implicit is correct, you don't need to include cotp or t.120 to get this to work correctly.</P><P>&nbsp;</P><P>As to why it's not getting identified correctly, my immediately jump to the following:</P><P>1) What's your content version? I recall ms-rdp being updated recently, so it may be that your signature has gotten too old and the firewall can&nbsp; no longer identify the traffic properly.</P><P>2) Are you utilizing default ports? If you utilize non-standard ports cotp is going to fall under application-default due to it utilizing dynamic ports, md-rdp is only going to get identified properly when operating on 3389.&nbsp;</P><P>&nbsp;</P> Fri, 23 Aug 2019 17:43:31 GMT https://live.paloaltonetworks.com/t5/general-topics/app-id-ms-rdp-not-allowed-traffic-being-blocked-as-cotp/m-p/284837#M76353 BPry 2019-08-23T17:43:31Z