https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173788#M1075204 <P>Thanks Marvin for your great solution. I did so but it does not take effect! Users can still use Anydesk, for example. I saved the rules as well.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="firepower.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/86932i000C01CEB2E0713A/image-size/medium?v=v2&amp;px=400" role="button" title="firepower.png" alt="firepower.png" /></span></P><P> </P><P>&nbsp;</P> Mon, 26 Oct 2020 16:20:03 GMT majid3612 2020-10-26T16:20:03Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172720#M1075099 <P>I am going to disable remote access traffic across my network except my whitelist. I am using Cisco Firepower as well as Cisco ASA in my network perimeter. How and where should I put my rule/policy to enable this capability?</P> Fri, 23 Oct 2020 17:30:59 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172720#M1075099 majid3612 2020-10-23T17:30:59Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172741#M1075103 <P>Can you elaborate more with an example and post what configuration you have, and give some external IP you like to block and allow.</P> <P>&nbsp;</P> Fri, 23 Oct 2020 17:55:21 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172741#M1075103 balaji.bandi 2020-10-23T17:55:21Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172807#M1075107 <P>For example, I want to permit remote traffic by RDP and Teamviewer but not other tools (Anydesk, VNC, etc.). Also, any backdoor which establish a remote connection between internal and external networks.</P><P>As mentioned, we have deployed ASA, Firepower, Umbrella and Meraki.</P> Fri, 23 Oct 2020 21:05:42 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4172807#M1075107 majid3612 2020-10-23T21:05:42Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173091#M1075120 <P>You should use the policy in the Firepower service module to block the applications via an application level policy. Two rules will be needed:</P> <P>1. First allow RDP and TeamViewer</P> <P>2. Second block all other applications in the "Remote Desktop Control" category.</P> <P>It should look something like this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Example Policy" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/86839iFCE0DEFB77B204BA/image-size/large?v=v2&amp;px=999" role="button" title="FMC example - Block remote control.PNG" alt="Example Policy" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Example Policy</span></span></P> Sun, 25 Oct 2020 04:12:56 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173091#M1075120 Marvin Rhoads 2020-10-25T04:12:56Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173788#M1075204 <P>Thanks Marvin for your great solution. I did so but it does not take effect! Users can still use Anydesk, for example. I saved the rules as well.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="firepower.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/86932i000C01CEB2E0713A/image-size/medium?v=v2&amp;px=400" role="button" title="firepower.png" alt="firepower.png" /></span></P><P> </P><P>&nbsp;</P> Mon, 26 Oct 2020 16:20:03 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173788#M1075204 majid3612 2020-10-26T16:20:03Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173846#M1075209 <P>It could be that those apps are using SSL and if FTD isn't decrypting it might not recognize the inner contents of the encrypted session as the app. In that case you might need to fall back on something like URL filter (if you have that licensed) or DNS security (e.g. via Umbrella) to prevent the clients from ever even resolving the address of the service to connect.</P> Mon, 26 Oct 2020 17:30:24 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173846#M1075209 Marvin Rhoads 2020-10-26T17:30:24Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173870#M1075211 <P>Also, please note that the block might not happen straightaway, the Firepower might allow some packets to pass through before it can learn the application and apply the policy accordingly.</P> Mon, 26 Oct 2020 17:58:51 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4173870#M1075211 Aref Alsouqi 2020-10-26T17:58:51Z https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4174480#M1075241 <P>Could you please be more specific about how to do so through URL filtering as well as DNS Security (Umbrella)? I looked at the both but not sure if that's exactly what I want. For example, you can block specific apps or URLs whereas I want to block a category of apps (remote access tools) which is not in their list.</P> Tue, 27 Oct 2020 16:59:26 GMT https://community.cisco.com/t5/network-security/how-to-disable-remote-access-traffic/m-p/4174480#M1075241 majid3612 2020-10-27T16:59:26Z