VPN remote desktop connection deep inspection

L3 Networker

Hello Bros,

In our deployment we had to give a few employees ms-rdp access to their work PCs to do remote work stuff.

Recently we started to receive some complaints regarding connections for all RDPs and other collaboration services through the VPN.

While we were trying to investigate the ms-rdp rule logs, we found that we have no more details available in the logs to understand what was going on; the logs are so meaningless. For example:

We knew by internal investigation that one of the RDP employees was trying to copy a large amount of data, which of course caused the link to be utilized and badly affected all other VPN services.

I have made an RDP connection to my PC and copied a large file, then tested the logs; ironically, there were no logs telling that there was a file transfer at all.

The question is, guys, what is missing and needs to be done regarding these ms-rdp rules to enable more deep packet inspection?

Software Version 9.0.9-h1

TIA:MR

MR
Accepted Solutions

Cyber Elite

@MRamadanAHafiez,

You can't. Once an RDP connection is established it forms an encrypted tunnel to the endpoint, and there's no way for the firewall to decrypt that and actually look at what's happening. In most secure environments, you would disable the ability to do any sort of file transfer via RDP for this very reason.
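
One way to apply the reply's advice on the work PCs that accept the RDP connections, as an added example that is not part of the original reply: a PowerShell audit of the two Remote Desktop Services policy values that control file transfer paths (drive redirection and clipboard redirection). The function name `Test-RdpFileTransferPolicy` and its `-Enforce` switch are hypothetical names chosen for this example.

```powershell
# Added example: audit (and optionally enforce) the RDP host policies that
# block file transfer over a session. Run on the PC being connected to.
# Function name and -Enforce switch are hypothetical, chosen for this example.
function Test-RdpFileTransferPolicy {
    [CmdletBinding()]
    param([switch]$Enforce)

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Policy value name -> what it blocks when set to 1
    $policies = [ordered]@{
        fDisableCdm  = 'Drive redirection (client drives mapped into the session)'
        fDisableClip = 'Clipboard redirection (copy/paste of files and text)'
    }

    foreach ($name in $policies.Keys) {
        # A missing key or value means "not configured": redirection is allowed.
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $blocked = ($current -eq 1)

        if (-not $blocked -and $Enforce) {
            # Create the policy key if it does not exist, then set the DWORD to 1.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            $blocked = $true
        }

        # One result object per policy so the output can be filtered or exported.
        [pscustomobject]@{
            Policy  = $name
            Blocks  = $policies[$name]
            Blocked = $blocked
        }
    }
}

# Report only:
Test-RdpFileTransferPolicy

# Report and set the values (requires an elevated prompt):
# Test-RdpFileTransferPolicy -Enforce
```

On domain-joined machines the same two settings are normally delivered by Group Policy ("Do not allow drive redirection" and "Do not allow Clipboard redirection" under Remote Desktop Session Host > Device and Resource Redirection), which overrides values written locally.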
