12-22-2022 04:07 AM
Hi all,
We are having an issue with RDP sessions.
We recently moved the traffic from a L3 switch to our Palo NGFW and since then Occasionally, RDP sessions freezes for only a few seconds and than continue regularly.
We tried app-override to see if it app-id related, but that didn't solve the issue.
We also tried to change registry values according to this article https://live.paloaltonetworks.com/t5/general-topics/rdp-freeze-fix-globalprotect/td-p/335816 but still not solved.
I would say that it happens on a specific segment. It seem to be working well on other segments (Through the FW).
Does anyone have any suggestions?
01-17-2023 11:09 PM
Hi all,
Thanks for the help.
At the end we opened a case with TAC and they found the problem and the issue was solved.
We had application override that changed the ms-rdp app to rtcp app.
With rtcp app the ttl was 180 s while with the ms-rdp it was much higher and that was the reason the session was freezed (apparently it happened every time the system was idle which explains the ttl difference).
12-22-2022 11:17 AM
Hello,
If the device is not super constrained for resources and its still occurring, you could try to disable the server response inspection feature in the policy that is being used for the traffic. the check box in under the Actions tab when editing the policy.
Might help.
Cheers!
12-29-2022 12:58 AM
Thanks,
The device is not super constrained for resources and its still occurring in a lot of RDP sessions.
We did see counters for interfaces on the FW showing increased rcv_fifo_overrun.
12-29-2022 06:20 AM
I've found that I get better RDP performance through PAN when you disable the ability to use UDP. Might want to try that on a machine that you're having an issue with and see if that goes away.
12-29-2022 06:28 AM
Thanks for the suggestion.
We already tried that but it seems that the issue still persists.
We created a custom-rdp app and placed it in an app override policy rule. that didn't solve the issue as well.
12-29-2022 07:18 AM
Hi @AmitKa79,
I had a customer for which we replaced a FW with PANW. His RDP sessions became terribly slow. We never could find the solution on the NGFW, but it started when we put the new NGFW in place just like your scenario. We disabled UDP in the RDP config of each server as @BPry suggested, and the performance improved dramatically. Just sharing my experience.
Thanks,
Tom
01-04-2023 12:11 AM
Thank you all for the help,
Unfortunately the issue still persist, even after doing all that was suggested here, so we open a case with TAC.
01-17-2023 11:09 PM
Hi all,
Thanks for the help.
At the end we opened a case with TAC and they found the problem and the issue was solved.
We had application override that changed the ms-rdp app to rtcp app.
With rtcp app the ttl was 180 s while with the ms-rdp it was much higher and that was the reason the session was freezed (apparently it happened every time the system was idle which explains the ttl difference).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
