https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381412#M89751 <P>I'm part of a cloud team that does not manage the FW but am not getting clear answers from them.</P><P>My operations counterparts have the following issue:</P><P>&nbsp;</P><P>Support person logs into IP address x.x.x.x into production domain. As part of their function, they must RDP into servers on prod/dev/pat/sit domains. Each domain with a separate ID once the rdp client hits the end point.</P><P>&nbsp;</P><P>After some time passes, RDP stops working to a particular domain or set of domains.</P><P>&nbsp;</P><P>To resolve this at times, the network team has restarted some agent.</P><P>&nbsp;</P><P>They can't explain why it happens. It's become a huge nuisance.</P><P>&nbsp;</P><P>Thoughts?</P> Fri, 22 Jan 2021 05:19:56 GMT PhlackJack 2021-01-22T05:19:56Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381412#M89751 <P>I'm part of a cloud team that does not manage the FW but am not getting clear answers from them.</P><P>My operations counterparts have the following issue:</P><P>&nbsp;</P><P>Support person logs into IP address x.x.x.x into production domain. As part of their function, they must RDP into servers on prod/dev/pat/sit domains. Each domain with a separate ID once the rdp client hits the end point.</P><P>&nbsp;</P><P>After some time passes, RDP stops working to a particular domain or set of domains.</P><P>&nbsp;</P><P>To resolve this at times, the network team has restarted some agent.</P><P>&nbsp;</P><P>They can't explain why it happens. It's become a huge nuisance.</P><P>&nbsp;</P><P>Thoughts?</P> Fri, 22 Jan 2021 05:19:56 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381412#M89751 PhlackJack 2021-01-22T05:19:56Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381503#M89754 <P>quick question,,,</P><P>&nbsp;</P><P>does the rdp sessions to that domain get disconnected whilst in use or are new connections not allowed through?</P><P>&nbsp;</P><P>it may be that there is not enough domain activity for the user agent to be updated. if so then it may be worth trying to increase the user timeout from default 45 mins to 8 hours or so...</P> Fri, 22 Jan 2021 12:23:11 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381503#M89754 Mick_Ball 2021-01-22T12:23:11Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381857#M89780 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/169130">@PhlackJack</a>,</P> <P>So the thing with RDP is that, depending on the configuration, the endpoint that you are using authenticates the request and user-id on the firewall can switch to the authenticated RD user instead. Depending on the firewalls configuration, this may make it so that the endpoint is identified with a user that doesn't actually have the proper permission on the firewall to work properly. So what the admin is likely doing is simply clearing the user-id entry associated with the endpoint.&nbsp;</P> <P>It could also easily be that the user-id information is aging out like&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/9981">@Mick_Ball</a>&nbsp;mentioned. Again, this would mean that if user-id is being leveraged in the rulebase they would no longer be able to do certain actions.</P> <P>&nbsp;</P> <P>Regardless of the issue, it sounds like you're running into a user-id issue. Your network team should be able to address this relatively easily through various methods.&nbsp;</P> Mon, 25 Jan 2021 04:36:49 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-fw-rdp-across-multiple-ad-domains/m-p/381857#M89780 BPry 2021-01-25T04:36:49Z