Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this
Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is allowed as part of the Test-RDP rule but then cotp drops down to a policy further in the list.
I could add the cotp application to the Test-RDP rule, but shouldn't Test-RDP be where cotp is getting caught already?
Solved! Go to Solution.
Hi @MathewRD .
when the tcp handshake is initiated for any application the firewall will view all policies for an explicit allow. If none are available then it will check again for any implicit allows.
i found these links helpful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!