ittech
Level 13

RDP Allow Rule

This is my current rule and I can't connect with RDP. My goal was to only allow specific subnets.

rdp.PNG

Any help is greatly appreciated.

0 Kudos
1 Solution

Accepted Solutions
ansarias
Level 13

Re: RDP Allow Rule

Try with Allow SvcHost High Port TCP

0 Kudos
15 Replies
greatscott
Level 12

Re: RDP Allow Rule

Do you have any blocks in your HIPS Activity Log?

0 Kudos
ittech
Level 13

Re: RDP Allow Rule

Here's a couple examples:

-----------------------------------------------------------------------------------------------------------------------------------------------------

Time:  8/4/2014 1:36:21 PM

Event:  Traffic

IP Address/User:  172.23.41.125

Description:  Host Process for Windows Services (svchost.exe)

Path:  C:\Windows\system32\svchost.exe

Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (50051)  Destination 172.23.41.131 : rdp (3389)

Matched Rule:  Block All Traffic

Time:  8/4/2014 1:36:24 PM

Event:  Traffic

IP Address/User:  172.23.41.125

Description:  Host Process for Windows Services (svchost.exe)

Path:  C:\Windows\system32\svchost.exe

Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (50051)  Destination 172.23.41.131 : rdp (3389)

Matched Rule:  Block All Traffic

0 Kudos
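
Filtering an Activity Log export in the format quoted above for blocked RDP connections whose source lies inside the subnets the allow rule was meant to cover; this is an added example, not part of the original posts or of McAfee tooling. The subnet list, the second log entry and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: first entry follows the post above, second entry is invented.
SAMPLE_LOG = r"""Time:  8/4/2014 1:36:21 PM
Event:  Traffic
IP Address/User:  172.23.41.125
Description:  Host Process for Windows Services (svchost.exe)
Path:  C:\Windows\system32\svchost.exe
Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (50051)  Destination 172.23.41.131 : rdp (3389)
Matched Rule:  Block All Traffic

Time:  8/4/2014 1:40:02 PM
Event:  Traffic
IP Address/User:  10.9.8.7
Message:  Blocked Incoming TCP -  Source 10.9.8.7 :  (49152)  Destination 172.23.41.131 : rdp (3389)
Matched Rule:  Block All Traffic
"""

# Assumption: the subnets the allow rule is supposed to cover (hypothetical value).
INTENDED_SUBNETS = ["172.23.41.0/24"]

# Layout of the "Message:" field as it appears in the entries above (IPv4 only).
MESSAGE_RE = re.compile(
    r"(?P<action>\w+)\s+(?P<direction>\w+)\s+(?P<proto>\w+)\s+-\s+"
    r"Source\s+(?P<src>[\d.]+)\s*:\s*(?:\S+\s+)?\((?P<sport>\d+)\)\s+"
    r"Destination\s+(?P<dst>[\d.]+)\s*:\s*(?:\S+\s+)?\((?P<dport>\d+)\)"
)

def parse_entries(text):
    """One dict per log entry; an entry starts at its 'Time:' line."""
    entries = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "Time":
            entries.append({})
        if sep and entries:
            entries[-1][key] = value
    return entries

def blocked_from_intended(text, subnets, port=3389):
    """Blocked connections to `port` whose source lies inside an intended subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    hits = []
    for entry in parse_entries(text):
        m = MESSAGE_RE.search(entry.get("Message", ""))
        if m and m["action"] == "Blocked" and int(m["dport"]) == port:
            if any(ipaddress.ip_address(m["src"]) in n for n in nets):
                hits.append((entry["Time"], m["src"], entry.get("Matched Rule")))
    return hits
```

Every tuple returned is a connection the allow rule was expected to permit but that was logged against the rule named in its last element, so the allow rule is not matching that traffic.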
ansarias
Level 13

Re: RDP Allow Rule

Hi,

Edit this rule and add the IP address which you are trying to do RDP. I assume it will be a firewall rule.

0 Kudos
ittech
Level 13

Re: RDP Allow Rule

Yes, it's a firewall rule. Should I edit the local or remote networks?

0 Kudos
ansarias
Level 13

Re: RDP Allow Rule

Hi,

You need to add it into local networks; for the remote address, it will be mentioned as remote IP in the logs.

0 Kudos
ittech
Level 13

Re: RDP Allow Rule

Here's my rule now:

rdp2.PNG

It's still getting blocked though.

Time:  8/7/2014 4:11:26 PM

Event:  Traffic

IP Address/User:  172.23.41.125

Description:  Host Process for Windows Services (svchost.exe)

Path:  C:\Windows\system32\svchost.exe

Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (52295)  Destination 172.23.41.131 : rdp (3389)

Matched Rule:  Block All Traffic

0 Kudos
ansarias
Level 13

Re: RDP Allow Rule

Hello,

Do you have a CAG (Connection Aware Group) rule in your environment?

Create a new rule in Add rule from Catalog (Firewall rule policy).

ScreenHunter_01 Aug. 08 20.37.jpg

0 Kudos
ittech
Level 13

Re: RDP Allow Rule

What's a Connection Aware Group rule? I don't see that in my catalog.

0 Kudos
ansarias
Level 13

Re: RDP Allow Rule

CAG is not related to McAfee; it's related to DHCP servers with additional IP blocking and allowing rules. If these IPs are blocked from their end, then these rules reflect to add connected machines, even if you allowed a particular IP in the McAfee firewall.

0 Kudos