
By default, Deep Security Agent's network engine has a UDP timeout value of 10 seconds. Changing the timeout value to 20 seconds can resolve the issue.

To change the timeout value:

  1. On the affected Deep Security Agent or policy, go to the Settings > Network Engine tab.
  2. Untick the Inherited checkbox.
  3. Set the UDP Timeout value to 20 seconds.

To prevent the UDP traffic from being blocked, add the following firewall rule:

  1. On the Deep Security Manager console, go to the Policies or Computers tab.
  2. Navigate to Rules > Firewall Rules.
  3. Click New and select New Firewall Rule.
  4. Configure the firewall rule as follows:
    • Name: RDP Protocol UDP Incoming
    • Action Type: Force Allow
    • Priority: 0 - Lowest
    • Direction: Incoming
    • Frame Type: IP
    • Protocol: UDP
    • Source IP: Any
    • Source Port: 3389
    • Destination IP: Any
    • Destination Port: Any

Below are additional recommended settings that users may configure:

  1. Turn on Tap mode to monitor whether any RDP-related traffic is still blocked after applying the firewall rule above.
    1. On the Deep Security console, go to Computers.
    2. Navigate to Settings > Advanced.
    3. Under Network Engine Mode, select Tap.

  2. Log the UDP incoming traffic by activating the Enable stateful UDP logging option.
    1. On the Deep Security console, go to Computers.
    2. Navigate to Firewall > General.
    3. Under the Firewall Stateful Configuration section, select Enable Stateful Inspection and click Edit.
    4. Select UDP and tick the Enable stateful UDP logging check box.