We've got a remote user connecting with GlobalProtect. He's trying to RDP to a PC on our inside network. There is a security policy that he should be matching: traffic matches source and destination zones, User-ID is matching the right group, HIP check is good. It seems to be failing to match the policy because it's not matching on the application. The user is using MS-RDP and the traffic is showing up on TCP port 3389.
So MS-RDP implicitly uses COTP and T.120, but I've actually found that the firewall sometimes doesn't allow the traffic if COTP isn't specifically specified and will at times drop the COTP traffic. As a test, add COTP as an application member on this security entry and have the user try again.
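Before changing the rule it is worth confirming what the firewall actually did with those sessions. The following is an added example, not code from the thread or from Palo Alto Networks: it reads a few constructed traffic-log rows in PAN-OS CSV export shape, pulls out the denied sessions to TCP/3389, and reports which App-ID the firewall assigned to each and which rule they fell through to. The rule name `Allow-RDP-from-VPN`, the `interzone-default` hits, and the assumption that the rule currently lists only `ms-rdp` are all made up for the example.

```python
import csv
import io

# Constructed sample of a PAN-OS traffic-log CSV export (not a real capture).
# Only the columns used here are included; a real export has many more.
SAMPLE_TRAFFIC_LOG = """receive_time,src,dst,rule,app,dport,proto,action,session_end_reason
2024/03/01 10:00:01,10.10.50.25,192.168.20.14,Allow-RDP-from-VPN,ms-rdp,3389,tcp,allow,tcp-fin
2024/03/01 10:00:07,10.10.50.25,192.168.20.14,interzone-default,cotp,3389,tcp,deny,policy-deny
2024/03/01 10:00:09,10.10.50.25,192.168.20.14,interzone-default,t.120,3389,tcp,deny,policy-deny
2024/03/01 10:01:30,10.10.50.31,192.168.20.9,Allow-Web,web-browsing,443,tcp,allow,tcp-fin
"""

# Applications currently listed on the rule the VPN user is expected to hit
# (assumption for the example: only ms-rdp was added when the rule was built).
RULE_APPS = {"Allow-RDP-from-VPN": {"ms-rdp"}}

RDP_PORT = "3389"


def parse_traffic_log(text):
    """Parse a CSV traffic-log export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def denied_rdp_sessions(rows):
    """Sessions to TCP/3389 that were not allowed, with the App-ID and rule the firewall recorded."""
    return [
        r for r in rows
        if r["dport"] == RDP_PORT and r["proto"] == "tcp" and r["action"] != "allow"
    ]


def missing_apps(rows, rule_name, rule_apps):
    """App-IDs seen on denied RDP sessions that the intended rule does not list."""
    seen = {r["app"] for r in denied_rdp_sessions(rows)}
    return sorted(seen - rule_apps[rule_name])


def proposed_app_list(rows, rule_name, rule_apps):
    """The rule's application list after adding whatever the denied sessions were identified as."""
    return sorted(rule_apps[rule_name] | set(missing_apps(rows, rule_name, rule_apps)))


def set_command(rows, rule_name, rule_apps):
    """PAN-OS configure-mode 'set' line that replaces the rule's application list."""
    apps = " ".join(proposed_app_list(rows, rule_name, rule_apps))
    return f"set rulebase security rules {rule_name} application [ {apps} ]"


if __name__ == "__main__":
    rows = parse_traffic_log(SAMPLE_TRAFFIC_LOG)
    for r in denied_rdp_sessions(rows):
        print(f"{r['receive_time']} {r['src']}->{r['dst']} app={r['app']} rule={r['rule']} "
              f"reason={r['session_end_reason']}")
    print("apps missing from rule:", missing_apps(rows, "Allow-RDP-from-VPN", RULE_APPS))
    print(set_command(rows, "Allow-RDP-from-VPN", RULE_APPS))
```

Run against a real export, the `app` and `rule` columns on the denied 3389 sessions tell you whether the session was identified as `cotp` or `t.120` and fell through to the default interzone deny rather than matching the intended rule; the `set` line at the end is the configure-mode form of adding those applications to the rule, followed by a commit.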