Cant deny users from using remote desktop on non standard tcp port

Reply
Highlighted
L3 Networker

Cant deny users from using remote desktop on non standard tcp port

I am trying test app id & put a rule in (all the way on top) denying my work station from accessing RDP on machines in other zones.  I have successfully blocked users from accessing RDP on standard port 3389 but can still access RDP on a machine that listens for RDP on a non standard port (tcp 51000).  I did not specify the non standard port in the security policy like I did port 3389 but I did use app ID in the rule for "ms-rdp" and "t.120" and expected the app ID feature to catch the connection and deny it.  What am I missing & why wont the PA deny the RDP connection using app ID on the non standard tcp port?

 

rdp.PNG

 

Tags (1)
L7 Applicator

Re: Cant deny users from using remote desktop on non standard tcp port

your rule is set explicitly for port 3389. it doesn't matter what you have in any other of the boxes as it  has to match 3389.

 

can you monitor the allowed traffic on port 51000, is it recognised as ms-rdp.

 

if not then you will have to rethink your policy but as it stands it can be either ms-rdp or t.120 but must be 3389 to be denied.

L7 Applicator

Re: Cant deny users from using remote desktop on non standard tcp port

You have to change Service field to "Any" to block ms-rdp on any port.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE (3.0, 5.0, 6.0, 7.0), PCNSE (6, 7), PCNSI
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!