Application communication over Remote Desktop Protocol (RDP) 8.0 or above is blocked by Firewall Connection Track

    • Updated: 13 Jun 2019
    • Product/Version: Deep Security 10.0, Deep Security 10.1, Deep Security 9.5, Deep Security 9.6, Deep Security as a Service 2.0
    • Platform: Windows 2012 Enterprise, Windows 8 32-Bit, Windows 8 64-Bit, Windows 8.1 32-Bit, Windows 8.1 64-Bit
Summary

Remote Desktop Protocol (RDP) version 8.0 was introduced with Windows 8 and Windows Server 2012 and adds a UDP transport. When the stateful UDP connection-track entry for that transport times out, the Firewall Connection Track blocks the client application's communication over RDP 8.0 or higher.

Details

By default, the Deep Security Agent's network engine uses a UDP timeout of 10 seconds. Raising the timeout to 20 seconds can resolve the issue.

To change the timeout value:

  1. On the affected Deep Security Agent or policy, go to Settings > Network Engine tab.
  2. Untick the Inherited checkbox.
  3. Set the UDP Timeout value to 20 seconds.

To prevent the UDP traffic from being blocked, add the following firewall rule:

  1. On the Deep Security Manager console, go to Policies or Computers tab.
  2. Navigate to Rules > Firewall Rules.
  3. Click New and select New Firewall Rule.
  4. Configure the firewall rule as follows:
    • Name: RDP Protocol UDP Incoming
    • Action Type: Force Allow
    • Priority: 0 - Lowest
    • Direction: Incoming
    • Frame Type: IP
    • Protocol: UDP
    • Source IP: Any
    • Source Port: 3389
    • Destination IP: Any
    • Destination Port: Any
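As an added illustration, not code from the article or from Trend Micro's network engine, the following Python script models why the default 10-second UDP timeout drops RDP 8 traffic and how each of the two fixes above (raising the timeout, or adding the Force Allow rule) avoids it. It implements a toy stateful UDP connection tracker with a configurable timeout and a rule matcher for the "RDP Protocol UDP Incoming" rule; the host addresses, ports and packet timings are constructed, and nothing beyond the timeout and Force Allow behaviour described on this page is modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of stateful UDP connection tracking; not Deep Security's
# engine code.  Addresses, ports and timings below are made up.


@dataclass(frozen=True)
class Packet:
    t: float            # seconds since the session started
    direction: str      # "outgoing" (sent by the protected host) or "incoming"
    proto: str          # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class FirewallRule:
    name: str
    action: str                     # only "force-allow" is modelled
    direction: str                  # "incoming" or "outgoing"
    proto: str
    src_port: Optional[int] = None  # None means "Any"

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and p.proto == self.proto
                and (self.src_port is None or p.src_port == self.src_port))


class UdpConnTrack:
    """Allow an incoming UDP packet only if the same flow was active within
    the last `timeout_s` seconds, or if a force-allow rule matches it."""

    def __init__(self, timeout_s: float, rules: Tuple[FirewallRule, ...] = ()):
        self.timeout_s = timeout_s
        self.rules = rules
        self.last_seen: Dict[tuple, float] = {}   # flow key -> time of last packet

    @staticmethod
    def flow_key(p: Packet) -> tuple:
        # Both directions share one entry: (local ip, local port, remote ip, remote port).
        if p.direction == "outgoing":
            return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def process(self, p: Packet) -> str:
        if p.proto != "udp":
            return "not modelled"
        key = self.flow_key(p)
        last = self.last_seen.get(key)
        # Expire the entry if the flow has been idle longer than the timeout.
        if last is not None and p.t - last > self.timeout_s:
            del self.last_seen[key]
            last = None
        # Force Allow rules take effect regardless of the stateful table.
        for rule in self.rules:
            if rule.action == "force-allow" and rule.matches(p):
                self.last_seen[key] = p.t
                return f"allow ({rule.name})"
        if p.direction == "outgoing":
            self.last_seen[key] = p.t          # creates or refreshes the entry
            return "allow (outgoing, entry refreshed)"
        if last is None:
            return "drop (no tracked flow)"
        self.last_seen[key] = p.t
        return "allow (tracked flow)"


CLIENT, SERVER = "10.0.0.5", "10.0.0.20"   # constructed: protected RDP client, remote RDP server

# Constructed timeline: the RDP 8 UDP transport goes quiet for 15 s, then the server sends again.
TIMELINE: List[Packet] = [
    Packet(0.0, "outgoing", "udp", CLIENT, 50000, SERVER, 3389),
    Packet(1.0, "incoming", "udp", SERVER, 3389, CLIENT, 50000),
    Packet(16.0, "incoming", "udp", SERVER, 3389, CLIENT, 50000),
]

# The rule from this article, expressed in the toy matcher's terms.
RDP_UDP_INCOMING = FirewallRule(
    name="RDP Protocol UDP Incoming", action="force-allow",
    direction="incoming", proto="udp", src_port=3389)


def simulate(timeout_s: float, rules: Tuple[FirewallRule, ...] = ()) -> List[str]:
    """Run the constructed timeline through the tracker; one verdict per packet."""
    tracker = UdpConnTrack(timeout_s, rules)
    return [tracker.process(p) for p in TIMELINE]


if __name__ == "__main__":
    for label, timeout, rules in [("default 10 s timeout", 10, ()),
                                  ("20 s timeout", 20, ()),
                                  ("10 s timeout + Force Allow rule", 10, (RDP_UDP_INCOMING,))]:
        print(label)
        for p, verdict in zip(TIMELINE, simulate(timeout, rules)):
            print(f"  t={p.t:>5}s {p.direction:<8} {p.src_port}->{p.dst_port}: {verdict}")
```

Running it shows the third packet dropped at the default 10 s, allowed at 20 s, and allowed without consulting the tracker once the Force Allow rule is present. Because the rule as specified matches any incoming UDP datagram with source port 3389 from any address, raising the timeout is the narrower of the two fixes; the Tap mode and stateful UDP logging settings below are the way to confirm which traffic is actually being affected.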

Below are additional recommended settings that users may configure:

  1. Turn on Tap mode to check whether any RDP-related traffic is still being blocked after applying the firewall rule above. In Tap mode the network engine records the events it would have acted on without enforcing them, which is why it is suitable for observing the traffic.
    1. On the Deep Security console, go to Computers.
    2. Navigate to Settings > Advanced.
    3. Under Network Engine Mode, select Tap.

  2. Log the UDP incoming traffic by activating the Enable stateful UDP logging option.
    1. On the Deep Security console, go to Computers.
    2. Navigate to Firewall > General.
    3. Under the Firewall Stateful Configuration section, select Enable Stateful Inspection and click Edit.
    4. Select UDP and tick the Enable stateful UDP logging check box.

Category: Troubleshoot
Solution Id: 1118648