11-29-2024 09:29 AM
Hi,
A rule I created to filter RDP outbound using the predefined Application/RDP fails to function, as if the protocol is not recognized, but if I change the same rule to not use Application/RDP and instead use a port object TCP/3389, it works fine.
After converting from ASA to FTD, I would like to start migrating rules from 4-tuples to Application rules, but this hardly inspires confidence. Is this a known issue or what could be the problem?
11-29-2024 09:35 AM
I will send you a PM; check it.
MHM
11-29-2024 09:46 AM
If you have a sample pcap to share, it would be good to see what could be the issue.
11-29-2024 11:09 AM
It's also possible that FTD is recognizing RDP under something different (low chance, but still possible!). If you check the Event log at either Analysis > Unified Events or Analysis > Connection > Events, you can filter for the relevant traffic. The "Application Protocol" column in the output will display how FTD is categorizing the traffic.