Remote Desktop Gateway 2019 not working with WAF

Hi,

For a few days now I've been struggling to get my 2019 RDG to work behind my Sophos UTM WAF. I've tried multiple configurations found on the internet, but I'm still unable to connect to my RD Gateway 2019. After entering my credentials I receive the message that the RD Gateway is not reachable.

The WAF logfile lines generated during the login process are:

2022:12:27-10:40:55 firewall httpd[11576]: [security2:error] [pid 11576:tid 3992910656] [client 185.76.168.73:49205] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/KdcProxy"] [unique_id "Y6q9p9o8iLu3YiutOnVFggAAABA"]
2022:12:27-10:40:55 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="196" user="-" host="185.76.168.73" method="POST" statuscode="404" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="435" url="/KdcProxy" server="gateway.domain.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y6q9p9o8iLu3YiutOnVFggAAABA"
2022:12:27-10:40:56 firewall httpd[11576]: [security2:error] [pid 11576:tid 3992910656] [client 185.76.168.73:49205] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/KdcProxy"] [unique_id "Y6q9qNo8iLu3YiutOnVFgwAAABA"]
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="196" user="-" host="185.76.168.73" method="POST" statuscode="404" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="270" url="/KdcProxy" server="gateway.domain.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y6q9qNo8iLu3YiutOnVFgwAAABA"
2022:12:27-10:40:56 firewall httpd[11576]: [security2:error] [pid 11576:tid 3992910656] [client 185.76.168.73:49205] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/KdcProxy"] [unique_id "Y6q9qNo8iLu3YiutOnVFhAAAABA"]
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="196" user="-" host="185.76.168.73" method="POST" statuscode="404" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="206" url="/KdcProxy" server="gateway.domain.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y6q9qNo8iLu3YiutOnVFhAAAABA"
2022:12:27-10:40:56 firewall httpd[11576]: [security2:error] [pid 11576:tid 4001303360] [client 185.76.168.73:49204] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/remoteDesktopGateway/"] [unique_id "Y6q9qNo8iLu3YiutOnVFhQAAAA8"]
2022:12:27-10:40:56 firewall httpd[11576]: [core:error] [pid 11576:tid 4001303360] [client 185.76.168.73:49204] AH00135: Invalid method in request RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="211" user="-" host="185.76.168.73" method="RDG_OUT_DATA" statuscode="501" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="443" url="/remoteDesktopGateway/" server="gateway.domain.com" port="443" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="E0sgl0UU8EPWaL847Oi2UA==" websocket_version="13" uid="Y6q9qNo8iLu3YiutOnVFhQAAAA8"
2022:12:27-10:40:56 firewall httpd[11576]: [security2:error] [pid 11576:tid 3984517952] [client 185.76.168.73:49206] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/rpc/rpcproxy.dll"] [unique_id "Y6q9qNo8iLu3YiutOnVFhgAAABE"]
2022:12:27-10:40:56 firewall httpd[11576]: [core:error] [pid 11576:tid 3984517952] [client 185.76.168.73:49206] AH00135: Invalid method in request RPC_IN_DATA /rpc/rpcproxy.dll?localhost:3388 HTTP/1.1
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="210" user="-" host="185.76.168.73" method="RPC_IN_DATA" statuscode="501" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="413" url="/rpc/rpcproxy.dll" server="gateway.domain.com" port="443" query="?localhost:3388" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y6q9qNo8iLu3YiutOnVFhgAAABE"
2022:12:27-10:40:56 firewall httpd[11576]: [security2:error] [pid 11576:tid 3959339840] [client 185.76.168.73:49209] [client 185.76.168.73] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "rdg.domain.com"] [uri "/rpc/rpcproxy.dll"] [unique_id "Y6q9qNo8iLu3YiutOnVFhwAAABQ"]
2022:12:27-10:40:56 firewall httpd[11576]: [core:error] [pid 11576:tid 3959339840] [client 185.76.168.73:49209] AH00135: Invalid method in request RPC_OUT_DATA /rpc/rpcproxy.dll?localhost:3388 HTTP/1.1
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="185.76.168.73" localip="83.80.157.199" size="211" user="-" host="185.76.168.73" method="RPC_OUT_DATA" statuscode="501" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipFormHardeningMissingToken, SkipThreatsFilter" time="358" url="/rpc/rpcproxy.dll" server="gateway.domain.com" port="443" query="?localhost:3388" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y6q9qNo8iLu3YiutOnVFhwAAABQ"

rdg.domain.com is the hostname of my RDG server.

gateway.domain.com is the external gateway DNS name pointing to my external IP of the Sophos UTM.

The message I get after entering my credentials is

The WAF configuration I configured is identical to JACK1976's post in this thread.

https://community.sophos.com/utm-firewall/f/general-discussion/116289/remote-desktop-gateway-2019-won-t-work-with-sophos-utm-waf/419337

The UTM firmware I'm running is: 9.713-19.

I hope somebody can help me fix this issue.



  • Hoi Geoffrey and welcome to the UTM Community!

    As Raphael says, RDG-RPC is not supported.  You can find more about this here by googling on:

         site:community.sophos.com/utm-firewall "/rpc/rpcproxy.dll"

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
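
A small triage script for the kind of WAF log shown in the question, added here as an example (it is not from the thread or from Sophos): it groups access-log entries by method, status and URL and lists the non-standard HTTP methods that the reverse proxy answered with 501. The sample lines are constructed in the same shape as the poster's log, with trimmed fields and a documentation IP address; the function names are this example's own.

```python
import re
from collections import Counter

# Methods registered for general HTTP use (RFC 9110, plus PATCH from RFC 5789).
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                    "CONNECT", "OPTIONS", "TRACE", "PATCH"}
KV = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample (not the poster's log): same line shapes, fields trimmed.
SAMPLE_LOG = """\
2022:12:27-10:40:55 firewall httpd: id="0299" srcip="203.0.113.10" method="POST" statuscode="404" url="/KdcProxy" query=""
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="203.0.113.10" method="POST" statuscode="404" url="/KdcProxy" query=""
2022:12:27-10:40:56 firewall httpd[11576]: [core:error] [pid 11576:tid 1] [client 203.0.113.10:49204] AH00135: Invalid method in request RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="203.0.113.10" method="RDG_OUT_DATA" statuscode="501" url="/remoteDesktopGateway/" query=""
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="203.0.113.10" method="RPC_IN_DATA" statuscode="501" url="/rpc/rpcproxy.dll" query="?localhost:3388"
2022:12:27-10:40:56 firewall httpd: id="0299" srcip="203.0.113.10" method="RPC_OUT_DATA" statuscode="501" url="/rpc/rpcproxy.dll" query="?localhost:3388"
"""


def parse_access_line(line):
    """Return the key="value" fields of an access-log line, else None."""
    if " httpd: " not in line:  # skip httpd[pid] ModSecurity/core lines
        return None
    fields = dict(KV.findall(line))
    return fields if {"method", "statuscode", "url"} <= fields.keys() else None


def summarize(log_text):
    """Count requests per (method, status, url) and collect the
    non-standard methods that were answered with 501."""
    counts, refused = Counter(), set()
    for line in log_text.splitlines():
        fields = parse_access_line(line)
        if fields is None:
            continue
        key = (fields["method"], fields["statuscode"], fields["url"])
        counts[key] += 1
        if key[0] not in STANDARD_METHODS and key[1] == "501":
            refused.add(key[0])
    return counts, sorted(refused)


if __name__ == "__main__":
    counts, refused = summarize(SAMPLE_LOG)
    for (method, status, url), n in counts.most_common():
        print(f"{n:3d}  {status}  {method:<13} {url}")
    print("non-standard methods answered with 501:", ", ".join(refused))
```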