11-02-2021 07:37 AM
Hello,
How to block access on sites which are using RDP over HTTPS? Is there any way with the current Application Visibility & Control?
We are using WSA running at 12.5.1-043.
Kind Regards,
spacemeb
01-17-2022 04:22 AM
Please note that WSA only supports HTTP, HTTPS and FTP protocols, so it cannot understand RDP and will eventually drop the traffic. However, if the RDP service is being tunneled using HTTPS provided not being decrypted
Workaround for tunneling:
pluto.csts-rtp.lab> advancedproxyconfig
Choose a parameter group:
- AUTHENTICATION - Authentication related parameters
- CACHING - Proxy Caching related parameters
- DNS - DNS related parameters
- EUN - EUN related parameters
- NATIVEFTP - Native FTP related parameters
- FTPOVERHTTP - FTP Over HTTP related parameters
- HTTPS - HTTPS related parameters
- SCANNING - Scanning related parameters
- PROXYCONN - Proxy connection header related parameters
- CUSTOMHEADERS - Manage custom request headers for specific domains
- MISCELLANEOUS - Miscellaneous proxy related parameters
- SOCKS - SOCKS Proxy parameters
[]> MISCELLANEOUS
Enter values for the miscellaneous options:
Would you like proxy to respond to health checks from L4 switches (always
enabled if WSA is in L4 transparent mode)?
[N]>
Would you like proxy to perform dynamic adjustment of TCP receive window size?
[Y]>
Would you like proxy to perform dynamic adjustment of TCP send window size?
[Y]>
Enable caching of HTTPS responses.
[N]>
Enter minimum idle timeout for checking unresponsive upstream proxy (in
seconds).
[10]>
Enter maximum idle timeout for checking unresponsive upstream proxy (in
seconds).
[86400]>
Mode of the proxy:
[2]>
Spoofing of the client IP by the proxy:
[1]>
Do you want to pass HTTP X-Forwarded-For headers?
[Y]>
Would you like to permit tunneling of non-HTTP requests on HTTP ports?
[N]>
Would you like to block tunneling of non-SSL transactions on SSL Ports?
[N]> y
Would you like proxy to log values from X-Forwarded-For headers in place of
incoming connection IP addresses?
[N]>
Do you want proxy to throttle content served from cache?
[Y]>
Would you like the proxy to use client IP addresses from X-Forwarded-For
headers?
[N]>
Do you want to forward TCP RST sent by server to client?
[N]>
Do you want to enable URL lower case conversion for velocity regex?
[Y]>
Choose a parameter group:
- AUTHENTICATION - Authentication related parameters
- CACHING - Proxy Caching related parameters
- DNS - DNS related parameters
- EUN - EUN related parameters
- NATIVEFTP - Native FTP related parameters
- FTPOVERHTTP - FTP Over HTTP related parameters
- HTTPS - HTTPS related parameters
- SCANNING - Scanning related parameters
- PROXYCONN - Proxy connection header related parameters
- CUSTOMHEADERS - Manage custom request headers for specific domains
- MISCELLANEOUS - Miscellaneous proxy related parameters
- SOCKS - SOCKS Proxy parameters
[]>
pluto.csts-rtp.lab> commit
Please enter some comments describing your changes:
[]> 'hit enter'
Please note that this will block any non-SSL connection from being tunneled over SSL, not only RDP.
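What "non-SSL transactions on SSL ports" looks like at the byte level, as an added example that is not part of the original post and not Cisco's implementation: after a CONNECT succeeds, the first bytes from the client either start a TLS handshake or they do not. The function names and the sample byte strings below are constructed for illustration.

```python
import struct

# Constructed samples: first bytes a client might send inside a CONNECT tunnel.
TLS_CLIENT_HELLO = bytes.fromhex("16030102000100 01fc0303".replace(" ", ""))
RDP_X224_REQUEST = bytes.fromhex("030000130ee000000000000100080003000000")
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def classify_tunnel_payload(data: bytes) -> str:
    """Label the first client bytes seen after the tunnel is established."""
    if len(data) < 6:
        return "unknown"
    # TLS record: type 0x16 (handshake), version 0x03 0x00-0x04, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack(">H", data[3:5])
        if 0 < record_len <= 16384 and data[5] == 0x01:
            return "tls"
        return "unknown"
    # Native RDP opens with a TPKT header (version 3, reserved 0, 2-byte length)
    # followed by an X.224 Connection Request TPDU (code 0xE0).
    if data[0] == 0x03 and data[1] == 0x00:
        (tpkt_len,) = struct.unpack(">H", data[2:4])
        if tpkt_len >= 11 and (data[5] & 0xF0) == 0xE0:
            return "rdp"
        return "unknown"
    if data.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


def decide_on_ssl_port(data: bytes) -> str:
    """Hypothetical policy: only a TLS handshake may pass on an SSL port."""
    return "ALLOW" if classify_tunnel_payload(data) == "tls" else "BLOCK"


if __name__ == "__main__":
    for name, sample in [("tls", TLS_CLIENT_HELLO), ("rdp", RDP_X224_REQUEST),
                         ("ssh", SSH_BANNER), ("http", PLAIN_HTTP)]:
        print(name, classify_tunnel_payload(sample), decide_on_ssl_port(sample))
```

A stream that is itself wrapped in TLS classifies as "tls" whatever it carries, so a check of this kind only catches protocols sent in the clear through the tunnel.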
11-02-2021 07:53 AM
WSA is an HTTP/HTTPS and FTP proxy; I do not believe WSA understands any RDP traffic.
If you think WSA is processing it, make a test example and post the logs here.
How is your environment? WSA is always in the DMZ and behind a FW, so you can make a block policy in the FW to block RDP traffic.
11-02-2021 08:03 AM
Hello,
I am not certain if WSA is able to identify RDP traffic, but surely we cannot implement this on the firewall, that's why I am asking.
Thanks for your reply btw!
11-02-2021 08:11 AM
If you know the destination URL, try to block it in the access policy.
Grepping the logs is the first step.