12-17-2020 12:23 PM - edited 12-17-2020 12:27 PM
Hello Bros,
In our deployment we had to give a few employees ms-rdp access to their work PCs to do remote work stuff.
Recently we started to receive some complaints regarding connections for all RDPs and other collaboration services through the VPN.
While we were trying to investigate the ms-rdp rule logs, we found that there are no more details available in the logs to understand what was going on; the logs are so meaningless, for example:
We knew from internal investigation that one of the RDP employees was trying to copy a large amount of data, which of course caused the link to be utilized and badly affected all other VPN services.
I made an RDP connection to my PC and copied a large file, then tested the logs; ironically, no logs told that there was a file transfer at all.
The question is, guys, what is missing and needs to be done regarding these ms-rdp rules to enable deeper packet inspection?
Software Version 9.0.9-h1
TIA:MR
12-19-2020 09:54 PM
You can't. Once an RDP connection is established it forms an encrypted tunnel to the endpoint, and there's no way for the firewall to decrypt that and actually look at what's happening. In most secure environments, you would disable the ability to do any sort of file transfer via RDP for this very reason.
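The reply above recommends disabling file transfer over RDP on the endpoint, since the firewall cannot see inside the session. The following PowerShell is an added example, not part of the original thread or of any vendor tooling: it audits, and with the script's own `-Enforce` switch sets, the two Remote Desktop policy registry values that control drive and clipboard redirection. It assumes it is run elevated on the Windows PC being reached over RDP.

```powershell
# Added example: audit (and optionally enforce) RDP redirection policy on the RDP host.
# Values live under the Terminal Services policy key; 1 means the channel is disabled.
param([switch]$Enforce)   # -Enforce is this script's own switch, not a Windows option

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$Settings  = [ordered]@{
    fDisableCdm  = 'Drive redirection (file copy via mapped client drives)'
    fDisableClip = 'Clipboard redirection (copy/paste of files and text)'
}

function Get-RdpRedirectionState {
    foreach ($name in $Settings.Keys) {
        # A missing key or value means the policy is not configured (redirection allowed).
        $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting     = $name
            Description = $Settings[$name]
            Value       = if ($null -eq $value) { 'not configured' } else { $value }
            Blocked     = ($value -eq 1)
        }
    }
}

if ($Enforce) {
    # Create the policy key if no Remote Desktop policy has been set on this machine yet.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Settings.Keys) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value 1 -Type DWord
    }
}

$state = Get-RdpRedirectionState
$state | Format-Table -AutoSize
if ($state.Blocked -contains $false) {
    Write-Warning 'At least one redirection channel is still allowed on this host.'
}
```

On domain-joined machines, the same settings are normally applied through Group Policy ("Do not allow drive redirection" and "Do not allow Clipboard redirection" under Remote Desktop Session Host, Device and Resource Redirection), which overrides values written locally. Sessions that are already connected keep their redirected channels until they reconnect.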