Configuring Sophos UTM 9 to allow access to applications published in Microsoft Remote Desktop Services

I have an issue in my Sophos UTM 9.7 configuration. First of all, I added the local certificate for the RDWeb site, then I configured the virtual webserver and real webserver. When I started to test, there was no good news, and I tried many things like Full NAT in Network Protection; it worked, but I suspected it is bad for security, so I undid it. Then I got to Firewall Profiles in Webserver Protection and found the Microsoft RD Web 2008 profile in "Reject" mode. I changed the mode to Monitor and it worked for a while, then it stopped working; I can still open the URL, but not the applications.



This thread was automatically locked due to age.
  • OK, that's a good start.  "Monitor" mode means that all of the selected checks in the Firewall Profile are applied and the results logged, but the traffic is allowed.  "Monitor" is the right way to start.  Now, you need to go into the logs to see what checks would result in blocked traffic if "Reject" were selected.  If there are some that you want to use, you will need to see if you can modify the relevant settings on your server.

    Many things could cause an application to be blocked.  You will also want to do #2 in Rulz (last updated 2019-04-17) to confirm that traffic isn't being blocked by the firewall or some aspect of Intrusion Prevention.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file, so if you want help with a block by the firewall, show us a line from the log file.

    I copied your links into a sandboxed web browser to look at the images.  When adding pictures in future posts, insert your images directly into the post instead of uploading to an external site. We can't know if an external site is properly protected. The only malware I've gotten in over 10 years was from an external link to a picture in this forum several years ago.  Thanks in advance!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
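
One way to carry out the log review described in the reply above, as an added example that is not part of the original thread and not Sophos code: it tallies which rules fired while the profile was in Monitor mode, so you can see what "Reject" would have stopped. The log layout (ModSecurity-style `[id "…"]`, `[msg "…"]`, `[uri "…"]` fields) and every sample value are assumptions; adjust the pattern to what your own Web Application Firewall log shows.

```python
import re
from collections import Counter

# Constructed sample: ModSecurity-style entries as an Apache-based WAF writes them.
# Hosts, addresses, rule ids, messages and URIs are invented for illustration.
SAMPLE_LOG = '''\
2019:04:17-10:02:11 utm reverseproxy: [client 203.0.113.7] ModSecurity: Warning. Match at REQUEST_HEADERS. [id "1000001"] [msg "constructed: missing request header"] [uri "/RDWeb/Pages/en-US/login.aspx"]
2019:04:17-10:02:15 utm reverseproxy: [client 203.0.113.7] ModSecurity: Warning. Match at REQUEST_METHOD. [id "1000002"] [msg "constructed: method not allowed"] [uri "/rpc/rpcproxy.dll"]
2019:04:17-10:02:16 utm reverseproxy: [client 203.0.113.7] ModSecurity: Warning. Match at REQUEST_METHOD. [id "1000002"] [msg "constructed: method not allowed"] [uri "/remoteDesktopGateway/"]
2019:04:17-10:02:20 utm reverseproxy: srcip="203.0.113.7" method="GET" statuscode="200" url="/RDWeb/Pages/en-US/Default.aspx"
2019:04:17-10:05:02 utm reverseproxy: [client 203.0.113.7] ModSecurity: Access denied with code 403. Match at ARGS. [id "1000003"] [msg "constructed: argument check"] [uri "/RDWeb/Pages/en-US/login.aspx"]
'''

# Bracketed key/value fields that ModSecurity appends to each audit message.
FIELD = re.compile(r'\[(id|msg|uri) "((?:[^"\\]|\\.)*)"\]')

def parse_waf_line(line):
    """Return a dict for a ModSecurity entry, or None for any other log line."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if "id" not in fields:
        return None
    # "Warning." is what a detection-only (Monitor) hit looks like;
    # "Access denied" means the request was actually rejected.
    action = "blocked" if "Access denied" in line else "logged-only"
    return {"id": fields["id"], "msg": fields.get("msg", ""),
            "uri": fields.get("uri", ""), "action": action}

def summarize(log_text, action="logged-only"):
    """List (rule id, message, hit count, URIs) for entries with the given action."""
    hits, uris = Counter(), {}
    for line in log_text.splitlines():
        entry = parse_waf_line(line)
        if entry is None or entry["action"] != action:
            continue
        key = (entry["id"], entry["msg"])
        hits[key] += 1
        uris.setdefault(key, set()).add(entry["uri"])
    return [(rid, msg, n, sorted(uris[(rid, msg)]))
            for (rid, msg), n in hits.most_common()]

if __name__ == "__main__":
    for rid, msg, n, where in summarize(SAMPLE_LOG):
        print(f"rule {rid} ({msg}): {n} hit(s) on {', '.join(where)}")
```

Rules that fire only on the paths the published applications use are the ones to weigh: either keep the check and change the server, or skip that rule in the profile.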