User is trying to connect with MS-RDP. Log shows TCP 3389 but application is not-applicable


L1 Bithead

We've got a remote user connecting with GlobalProtect. He's trying to RDP to a PC on our inside network. There is a security policy that he should be matching: traffic matches source and destination zones, user-ID is matching the right group, HIP check is good. It seems to be failing to match the policy because it's not matching on the application. The user is using MS-RDP and the traffic is showing up on TCP port 3389.

 

Any thoughts?

 

Thanks

 

 

1 REPLY

Cyber Elite

@FrankMurray,

So MS-RDP implicitly uses COTP and T.120, but I've actually found that the firewall sometimes doesn't actually allow the traffic if COTP isn't specifically specified and will at times drop the COTP traffic. As a test, add COTP as an application member on this security entry and have the user try again.
