In this rule update, the following SIDs in question for the RDP issue have been removed for now, until the rules can be re-tuned.
Workaround by Updating SRU
To install the new SRU, go to the updates page in your Management Center or in the management GUI of your device.
Once you are on the updates page, you can install the update using the following option:
Step 1: In the Rule section of the updates page, select Download new Rule from the support site, or manually update the rule package.
Warning: If you select Reapply all policies after the rule update, the deploy will cause a Snort restart in your environment, which can cause a short outage while the inspection process restarts.
Step 2: Once the update is complete, you can verify that it is currently running by checking the version in the top left corner.
Step 3: If you chose not to deploy when the download completed, you will have to deploy this change to your devices.
Please note that the deploy will cause a Snort restart, as with all other upgrades that change the rules themselves.
Workaround without Updating by Disabling the SIDs
Currently, the best recommendation if you are affected is to disable the SIDs themselves until the rules are released with the upcoming update.
Step 1: Verify Your Configured IPS Policy
In your Access Control Policy, you can see your IPS policies configured by following the yellow Shield Icon representing the protection.
In some environments, you will see a section labeled "Intrusion Policy used before Access Control rule is determined". This policy will also need to be edited if it is set to anything other than "No Rule Active".
Warning: If you are using the default policies labeled Maximum Detection, Connectivity Over Security, Balanced Security and Connectivity, or Security Over Connectivity, you will need to create a new IPS policy based on them before you can edit individual rule criteria.