15 Replies. Latest reply: Aug 8, 2014 12:36 PM by ansarias

    RDP Allow Rule

    ittech

      This is my current rule and I can't connect with RDP. My goal was to only allow specific subnets. [screenshot: rdp.PNG]

       

      Any help is greatly appreciated.

        • 1. Re: RDP Allow Rule
          greatscott

          Do you have any blocks in your HIPS Activity Log?

          • 2. Re: RDP Allow Rule
            ansarias

            Hi,

             

            Edit this rule and add the IP address with which you are trying to do RDP. I assume it will be a firewall rule.

            • 3. Re: RDP Allow Rule
              ittech

              Here's a couple examples:

              -------------------------------------------------------------------------------- ---------------------------------------------------------------------

              Time:  8/4/2014 1:36:21 PM

              Event:  Traffic

              IP Address/User:  172.23.41.125

              Description:  Host Process for Windows Services (svchost.exe)

              Path:  C:\Windows\system32\svchost.exe

              Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (50051)  Destination 172.23.41.131 : rdp (3389)

              Matched Rule:  Block All Traffic

               

              Time:  8/4/2014 1:36:24 PM

              Event:  Traffic

              IP Address/User:  172.23.41.125

              Description:  Host Process for Windows Services (svchost.exe)

              Path:  C:\Windows\system32\svchost.exe

              Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (50051)  Destination 172.23.41.131 : rdp (3389)

              Matched Rule:  Block All Traffic

              • 4. Re: RDP Allow Rule
                ittech

                Yes, it's a firewall rule. Should I edit the local or remote networks?

                • 5. Re: RDP Allow Rule
                  ansarias

                  Hi,

                   

                  You need to add it into local networks; the remote address will be mentioned as remote IP in the logs.

                  • 6. Re: RDP Allow Rule
                    ittech

                    Here's my rule now:

                    [screenshot: rdp2.PNG]

                     

                    It's still getting blocked though.

                     

                    Time:  8/7/2014 4:11:26 PM

                    Event:  Traffic

                    IP Address/User:  172.23.41.125

                    Description:  Host Process for Windows Services (svchost.exe)

                    Path:  C:\Windows\system32\svchost.exe

                    Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (52295)  Destination 172.23.41.131 : rdp (3389)

                    Matched Rule:  Block All Traffic
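
Added example, not part of the original posts or of McAfee's tooling: a Python script that parses Activity Log entries in the layout posted above and lists blocked traffic to port 3389 whose source lies inside a subnet the allow rule was meant to cover. The subnet 172.23.41.0/24 and the second sample entry are assumptions constructed for illustration.

```python
import ipaddress
import re

# Sample input: first entry as posted in the thread, second one constructed.
SAMPLE_LOG = """\
Time:  8/7/2014 4:11:26 PM
IP Address/User:  172.23.41.125
Message:  Blocked Incoming TCP -  Source 172.23.41.125 :  (52295)  Destination 172.23.41.131 : rdp (3389)
Matched Rule:  Block All Traffic

Time:  8/7/2014 4:12:02 PM
IP Address/User:  10.9.8.7
Message:  Blocked Incoming TCP -  Source 10.9.8.7 :  (40000)  Destination 172.23.41.131 : rdp (3389)
Matched Rule:  Block All Traffic
"""

# Assumption: the subnets the allow rule is meant to cover (not stated on the page).
INTENDED_SUBNETS = [ipaddress.ip_network("172.23.41.0/24")]

# The service name before the port ("rdp") is optional, as in the posted entries.
MSG_RE = re.compile(
    r"Blocked\s+(?P<dir>\w+)\s+(?P<proto>\w+)\s+-\s+"
    r"Source\s+(?P<src>[\d.]+)\s*:\s*(?:[\w-]+\s*)?\((?P<sport>\d+)\)\s+"
    r"Destination\s+(?P<dst>[\d.]+)\s*:\s*(?:[\w-]+\s*)?\((?P<dport>\d+)\)"
)

def parse_entries(text):
    """Split the log into dicts, one per entry; an entry starts at a 'Time:' line."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key == "Time":
            entries.append({})
        if sep and entries:
            entries[-1][key] = value.strip()
    return entries

def unexpected_rdp_blocks(text, subnets=INTENDED_SUBNETS, port=3389):
    """Blocked traffic to `port` from a source inside an intended-allow subnet."""
    hits = []
    for e in parse_entries(text):
        m = MSG_RE.search(e.get("Message", ""))
        if not m or int(m["dport"]) != port:
            continue
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in subnets):
            hits.append((e.get("Time"), str(src), e.get("Matched Rule")))
    return hits
```

Each tuple returned names the rule that actually matched, which shows the allow rule did not apply to a source it was expected to cover.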

                    • 7. Re: RDP Allow Rule
                      ansarias

                      Hello,

                      Do you have a CAG (Connection Aware Group) rule in your environment?

                      Create a new rule in Add rule from Catalog (Firewall rule policy).

                       

                      [screenshot: ScreenHunter_01 Aug. 08 20.37.jpg]

                      • 8. Re: RDP Allow Rule
                        ittech

                        What's a Connection Aware Group rule? I don't see that in my catalog.

                        • 9. Re: RDP Allow Rule
                          ansarias

                          CAG is not related to McAfee; it's related to DHCP servers with additional IP blocking and allowing rules. If these IPs are blocked from their end, then these rules reflect to add connected machines, even if you allowed a particular IP in the McAfee firewall.
