VPN remote desktop connection deep inspection

MRamadanAHafiez — Thu, 17 Dec 2020 20:27:38 GMT

Hello Bros,

In our deployment we had to give access for few employees to ms-rdp to their work PCs to do remote work staff.

recently we started to receive some complains regarding connections for all rdp's and other collaboration services through the VPN.

while we were trying to investigate the ms-rdp rules logs, we found that we have no more details in the logs available to understand what was going on, logs are so meaningless, for example:

we knew by internal investigation that one of the rdp employees were tring to copy large amout of data which ofcourse caused the link utilized and badly affected all other VPN services.

I have made rdp to my PC and coped large file, tested the logs, ironically, no logs telling there were file transfere at all.

the quesstion is guys, what missing and need to be done regarding this ms-rdp rules enabled more deep packet inspection?

Software Version 9.0.9-h1

TIA:MR

Re: VPN remote desktop connection deep inspection

BPry — Sun, 20 Dec 2020 05:54:37 GMT

@MRamadanAHafiez,

You can't. Once an RDP connection is established it forms an encrypted tunnel to the endpoint, and there's no way for the firewall to decrypt that and actually look at what's happening. In most secure environments, you would disable the ability to do any sort of file transfer via RDP for this very reason.

topic Re: VPN remote desktop connection deep inspection in General Topics

VPN remote desktop connection deep inspection

Re: VPN remote desktop connection deep inspection