Implicit Applications with cotp/ms-rdp in security policies

Hello everyone,


Been testing some PA firewall functionality and noticed that ms-rdp has the implicit use of "cotp" defined, but the cotp application matches to a rule further down the policy list. When I review the logs, it looks like this



Am I misunderstanding having cotp as implicitly allowed by the ms-rdp application? Not sure why ms-rdp is allowed as part of the Test-RDP rule but then cotp drops down to a policy further in the list.


I could add the cotp application to the Test-RDP rule, but shouldn't Test-RDP be where cotp is getting caught already?



