REMOTE DESKTOP CONNECTION UTM9

Hi Guys.

 

I have a question regarding Remote Desktop Connection. Recently I put some of the users on their respective policy to block some social media and streaming sites, but when they try to use the Remote Desktop Connection they can't use it at all, so what I did temporarily is to put some of the users on the Application Control Skiplist to access the Remote connection. How can I fix this concern? Also, there's this one user that can't access staging.azurewebsites.net, but I already put the link in the whitelisting tab and her team was able to access it, but not her.

 

Please HELP me guys!

 

Thanks in advance.

 

-JP



  • Hey Justin,

     

    can you please take a look at the Application Control Log?

    If there is a hit you *should* see a corresponding log entry (if logging/reporting is enabled, otherwise you won't see anything) and then look at the app="xxxx" and fwrule="x" parts.

    Maybe the application is under control 'cause of another firewall rule? If there is something other than Remote Desktop detected, whitelist that app; wrong classification can happen.

    Example for a blocked Google Drive:

    2017:12:01-07:35:25 system-id ulogd[8061]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="2" outitf="eth1" mark="0x30b4" app="180" srcmac="xxx" srcip="private.111" dstip="public.111" proto="6" length="40" tos="0x00" prec="0x00" ttl="127" srcport="54529" dstport="443" tcpflags="ACK"

    Remote Control Apps and ID's:

    95,Remote Access,Citrix CGP
    96,Remote Access,Citrix ICA
    97,Remote Access,Citrix IMA
    99,Remote Access,Citrix Licensing
    101,Remote Access,Citrix RTMP
    102,Remote Access,Citrix SLG
    140,Remote Access,ERPC
    210,Remote Access,HP VMM
    259,Remote Access,Ktelnet
    261,Remote Access,KWDB
    274,Remote Access,LogMein
    401,Remote Access,RDP
    407,Remote Access,RJE
    408,Remote Access,Remote Job Service
    409,Remote Access,rlogin
    414,Remote Access,RSH
    421,Remote Access,Remote Telnet
    460,Remote Access,SNA Gateway
    472,Remote Access,SSH
    479,Remote Access,SUPDUP
    482,Remote Access,Su-Mit Telnet
    494,Remote Access,Telnet
    527,Remote Access,Citrix WANScaler
    565,Remote Access,Sophos RED
    584,Remote Access,TeamViewer
    690,Remote Access,PCoIP
    698,Remote Access,SCCM Remote Control
    788,Remote Access,ShowMyPC
    1049,Remote Access,NateOn Remote
    1053,Remote Access,VNC
    1068,Remote Access,GOM Remote
    1179,Remote Access,TN3270
    1244,Remote Access,pcAnywhere
    1971,Remote Access,Ammyy Admin
    1972,Remote Access,Anydesk
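
The log check described in the reply above (read app="..." and fwrule="..." from each "AFC Block" line and look the ID up in the list), as an added example that is not part of the original posts. The function names are hypothetical, only a subset of the listed IDs is embedded, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Subset of the "Remote Access" application IDs listed in the reply above.
REMOTE_ACCESS_APPS = {
    "274": "LogMein", "401": "RDP", "472": "SSH", "494": "Telnet",
    "584": "TeamViewer", "1053": "VNC", "1972": "Anydesk",
}

KV = re.compile(r'(\w+)="([^"]*)"')  # the log's key="value" pairs


def parse_afc_line(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(KV.findall(line))


def afc_blocks(lines):
    """Yield (fwrule, app id, app name, dstport) for each AFC Block entry."""
    for line in lines:
        f = parse_afc_line(line)
        if f.get("name") != "AFC Block":
            continue  # ordinary packet filter drops are not Application Control hits
        app = f.get("app", "?")
        name = REMOTE_ACCESS_APPS.get(app, "not in the remote-access list")
        yield f.get("fwrule", "?"), app, name, f.get("dstport", "?")


def summarize(lines):
    """Count blocks per (fwrule, app, name, dstport) so the responsible rule stands out."""
    return Counter(afc_blocks(lines))


# Line 1 is the Google Drive example quoted in the reply. Lines 2-4 are
# constructed for illustration (same layout, invented values).
SAMPLE = [
    '2017:12:01-07:35:25 system-id ulogd[8061]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="2" outitf="eth1" mark="0x30b4" app="180" srcmac="xxx" srcip="private.111" dstip="public.111" proto="6" length="40" tos="0x00" prec="0x00" ttl="127" srcport="54529" dstport="443" tcpflags="ACK"',
    '2017:12:01-07:36:02 system-id ulogd[8061]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="3" outitf="eth1" app="401" srcmac="xxx" srcip="private.112" dstip="public.222" proto="6" length="52" srcport="50211" dstport="3389" tcpflags="SYN"',
    '2017:12:01-07:36:05 system-id ulogd[8061]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="3" outitf="eth1" app="401" srcmac="xxx" srcip="private.112" dstip="public.222" proto="6" length="52" srcport="50212" dstport="3389" tcpflags="SYN"',
    '2017:12:01-07:36:09 system-id ulogd[8061]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="private.113" dstip="public.333" proto="6" srcport="50300" dstport="23" tcpflags="SYN"',
]

if __name__ == "__main__":
    for (rule, app, name, port), hits in summarize(SAMPLE).most_common():
        print(f"fwrule={rule} app={app} ({name}) dstport={port}: {hits} block(s)")
```

An app ID that shows up on the RDP port but is not 401 points to the misclassification case mentioned in the reply, and the fwrule value says which Application Control rule to review.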

  • Hi Rouven,

     

    Here's what I can see:

     

     

    I'm new to the company, that's why I'm exploring the SOPHOS UTM9.

     

    Please help me.

     

    Thanks

  • Hi,

     

    unfortunately the picture is too small - and I can't see the ports. If possible include the line(s) from the log viewer (not live log) and just take out the internal IP address block if you have security in mind.

  • Hi Rouven,

     

    Can you please teach me how to find it, 'cause all I see is just the Live Log.

     

     

     

    -Justin

  • 'Logging & Reporting >> View Log Files', Justin.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

     

    Here's the screenshot. When I clicked on Logging & Reporting I can't see the "View Log Files".

     

     

    Thanks

  • Search for log, not for logg. Do you have full control over this device?

    You can see that live view from inside the log differs from view inside application control. Using view (or downloading) is much more useful (in my opinion).

     

     

  • Hi Rouven,

     

    Here is the screenshot, and Merry Christmas guys :)

     

     

     

    Justin

  • Hey,

     

    that does not help. You need to open the live view Application Control Log - and then trigger an event.

    Paste the lines (like I did before) here. Otherwise no one can help.
