cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
225
Views
1
Helpful
3
Replies

FTD 7.4.2.1 and RDP application rule

lcaruso
Level 6
Level 6

Hi,

A rule I created to filter RDP outbound using the predefined Application/RDP fails to function as if the protocol is not recognized, but if I change the same rule to not use Application/RDP and instead use a port object TCP/3389, it works fine.

After converting from ASA to FTD, I would like to start migrating rules from 4-tuples to Application rules, but this hardly inspires confidence. Is this a known issue or what could be the problem?

 

 

3 Replies 3

I will send you PM check it

MHM

ckleopa
Cisco Employee
Cisco Employee

If you have a sample pcap to share it would be good to see what could be the issue.

Wrecktangle
Level 1
Level 1

It's also possible that FTD is recognizing RDP under something different (low chance, but still possible!)  If you check the Event log at either Analysis > Unified Events or Analysis > Connection > Events, you can filter for the relevant traffic.  The "Application Protocol" column in the output will display how FTD is categorizing the traffic.

Review Cisco Networking for a $25 gift card