2 Replies Latest reply on Oct 31, 2013 12:35 PM by c8822131

    HIPS blocking access to RDP to Machines with statically assigned IP addresses

    c8822131

      Hi all,

       

      My journey of discovery continues with Firewall configuration in HIPS 8.

       

      I have a HIPS Firewall policy set up to a basic level (still in its infancy after years of relying on Windows Firewall) with 2 CAGs to manage Internal Corporate IP and Approved VPN traffic.

       

      Internal CAG - Allows traffic to pass where the DNS Suffix matches our Corporate DNS Suffix on Wired and Wireless Adapters

      VPN CAG - Allows traffic to pass if connecting to one of four assigned VPN concentrator IP addresses On Virtual Adapters

       

      This was all working well until last week, when a ticket was passed to me to advise that a group of users were unable to RDP into machines with statically assigned IP addresses.

       

      If the internal CAG is enabled (Location Status and Connection Isolation active, Connection Specific DNS Suffix specified)  RDP Traffic doesn't pass (RDP connection attempts time out).

      If I remove the DNS Suffix and DNS Server entries and refresh the policy on the client, I can RDP into clients on the subnet fine.

       

      I had a look in the event logs of one of the machines and could see an entry which looks like the blocking event:

       

      7 1382524484 10.25.88.1  b052daa4-ff7c-48b8-8ca9-7e69cb6a44c7 2048 6 10.119.223.52 139 10.25.88.1 3111 1 0 4 SYSTEM Block NetBIOS TCP Incoming

      7 1382524487 10.25.88.1  b052daa4-ff7c-48b8-8ca9-7e69cb6a44c7 2048 6 10.119.223.52 139 10.25.88.1 3111 1 0 4 SYSTEM Block NetBIOS TCP Incoming

      7 1382524493 10.25.88.1  b052daa4-ff7c-48b8-8ca9-7e69cb6a44c7 2048 6 10.119.223.52 139 10.25.88.1 3111 1 0 4 SYSTEM Block NetBIOS TCP Incoming

       

      Any ideas?

        • 1. Re: HIPS blocking access to RDP to Machines with statically assigned IP addresses
          Kary Tankink

          If I remove the DNS Suffix and DNS Server entries and refresh the policy on the client, I can RDP into clients on the subnet fine.

           

          Verify the system is set up with the correct DNS Suffix and DNS Server values to match the CAG.  Most likely the systems do not have the correct Connection-specific DNS Suffix, since typically DHCP servers are configured to hand out the DNS Suffix to DHCP clients.  If they have the IP statically configured, you will have to manually configure the Connection-specific DNS Suffix.  Verify with 'ipconfig /all'.  This entry must match one of the DNS Suffixes listed in the CAG criteria.

           

           

          Ethernet adapter Local Area Connection:

           

             Media State . . . . . . . . . . . : Media connected

             Connection-specific DNS Suffix  . : <subdomain.domain.com>

             Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection

             Physical Address. . . . . . . . . : 00-00-00-00-00-00

             DHCP Enabled. . . . . . . . . . . : No

             Autoconfiguration Enabled . . . . : No

           

          • 2. Re: HIPS blocking access to RDP to Machines with statically assigned IP addresses
            c8822131

            Spot on Kary!

             

            As suspected, when the Connection Specific DNS Suffix was set correctly and applied, the Firewall CAG now passes the traffic and my customers can RDP into the Desktops with static IP addresses.

             

            Thanks for confirming this

             

            Mike
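
The `ipconfig /all` check from reply 1, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and lists connected adapters whose Connection-specific DNS Suffix is not among the CAG's suffixes, noting whether each one is statically configured. `CAG_SUFFIXES`, `corp.example.com`, the function names and the sample output are constructed placeholders.

```python
import re

# Assumption: the DNS suffixes listed in the CAG criteria (placeholder value).
CAG_SUFFIXES = {"corp.example.com"}

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")         # "Ethernet adapter X:"
FIELD = re.compile(r"^\s+([^.:]+?)[\s.]*:\s?(.*)$")    # "   Label . . . : value"

def parse_adapters(ipconfig_text):
    """Split `ipconfig /all` output into one {field: value} dict per adapter."""
    adapters, current = [], None
    for line in ipconfig_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"name": header.group(1)}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            # Keep the first occurrence so continuation lines never overwrite it.
            current.setdefault(field.group(1).strip(), field.group(2).strip())
    return adapters

def suffix_mismatches(ipconfig_text, allowed=CAG_SUFFIXES):
    """Return (adapter, suffix, is_static) for adapters that cannot match the CAG."""
    allowed = {s.lower().rstrip(".") for s in allowed}
    findings = []
    for a in parse_adapters(ipconfig_text):
        if "disconnected" in a.get("Media State", "").lower():
            continue  # adapter has no link; skip it
        suffix = a.get("Connection-specific DNS Suffix", "").lower().rstrip(".")
        if suffix not in allowed:
            static = a.get("DHCP Enabled", "").lower() == "no"
            findings.append((a["name"], suffix or "<empty>", static))
    return findings

# Constructed sample: a static adapter with no suffix and a DHCP adapter that matches.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : corp.example.com
   DHCP Enabled. . . . . . . . . . . : Yes
"""

print(suffix_mismatches(SAMPLE))
```

An adapter reported with `is_static` set to `True` is the case from this thread: the suffix has to be configured by hand on that adapter before the CAG will match.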