User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable

FrankMurray — Fri, 20 Aug 2021 22:23:35 GMT

We've got a remote user connecting with GlobalProtect. He's trying to RDP to a PC on our inside network. There is a security policy that he should be matching- traffic matches source and destination zones, user-ID is matching the right group, HIP check is good. it seems to be failing to match the policy because it's not matching on the application. The user is using MS-RDP and the traffic is showing up on TCP port 3389.

Any thoughts?

Thanks

Re: User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable

BPry — Sun, 22 Aug 2021 04:13:41 GMT

@FrankMurray,

So MS-RDP implicitly uses COTP and t.120, but I've actually found that the firewall sometimes doesn't actually allow the traffic if COTP isn't specifically specified and will at times drop the COTP traffic. As a test, add COTP as an application member on this security entry and have the user try again.

topic Re: User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable in General Topics

User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable

Re: User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable