Nominated Discussion: App-ID Windows Remote Management Showing Up As Web-Browsing


This article is based on a discussion, App-ID Windows Remote Management Showing Up As Web-Browsing, posted by @Gun-Slinger and answered by the Support Team. Read on to see the discussion and solution!

 

We recently upgraded to 10.1.5-h1, and it appears that after the upgrade the Windows-Remote-Management traffic over TCP 5985 is now being identified as Web-browsing. This is causing that traffic to drop. We checked dynamic updates and are presently leveraging the latest update released on 5/16. Seeing if this is a growing issue?

Solution:

 

Closing the loop on this issue. After working with TAC, there is a known issue that is resolved in the 10.1.6 code released yesterday. The issue occurs when a policy uses L7 App-ID with specific ports configured in the service port field as opposed to using "application-default". I took the workaround I used and changed it to application-default, removed the specific TCP ports listed, and removed web-browsing, leaving just windows-remote-management. This resolved the issue, and we will plan on an upgrade in the near future to 10.1.6.
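
To find other rules with the pattern described in the solution before upgrading, the following added example (not part of the original discussion and not Palo Alto Networks code) scans a configuration export for security rules that name specific applications but set the service to something other than application-default. The sample XML, the rule names and the `svc-tcp-5985` service object are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a PAN-OS configuration export;
# rule names and the "svc-tcp-5985" service object are hypothetical.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
  <entry name="winrm-workaround">
    <application><member>windows-remote-management</member><member>web-browsing</member></application>
    <service><member>svc-tcp-5985</member></service>
    <action>allow</action>
  </entry>
  <entry name="winrm-fixed">
    <application><member>windows-remote-management</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="port-only">
    <application><member>any</member></application>
    <service><member>svc-tcp-5985</member></service>
    <action>allow</action>
  </entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def members(rule, tag):
    """Return the <member> values under a rule's child element, e.g. 'service'."""
    return [m.text.strip() for m in rule.findall(f"{tag}/member") if m.text]

def rules_with_appid_and_fixed_ports(config_xml):
    """List (rule, applications, services) for security rules that name specific
    applications but pin the service to something other than application-default."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.findall(".//security/rules/entry"):
        apps, svcs = members(rule, "application"), members(rule, "service")
        uses_app_id = bool(apps) and apps != ["any"]
        # "any" and "application-default" are not specific port objects
        fixed_ports = [s for s in svcs if s not in ("application-default", "any")]
        if uses_app_id and fixed_ports:
            findings.append((rule.get("name"), apps, fixed_ports))
    return findings

if __name__ == "__main__":
    for name, apps, svcs in rules_with_appid_and_fixed_ports(SAMPLE_CONFIG):
        print(f"{name}: applications={apps} services={svcs}")
```

Rules it reports are candidates for the same change made in the solution: set the service to application-default and keep only the intended application.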

 

Last Updated:
‎09-09-2022 02:35 PM