Content filter controlling RDP traffic? (Kerio User Forums, Kerio Control)
  •  
G.L.M.

I have a traffic rule controlled by the RDP protocol inspector and it seems the Content Filter is denying this traffic. Can content filter examine traffic controlled by protocol inspectors other than HTTPS/HTTP/FTP/POP3?

Thanks in advance.

Best regards
  •  
Brian Carmichael (Kerio)

There is no protocol inspector for RDP (remote desktop protocol).
The content filter affects all protocols, however because of the HTTP protocol inspector it is possible to perform advanced filtering on web access. Please describe more specifically what you want to accomplish.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
G.L.M.

Hello,

I have the following traffic rule:

From: 192.168.1.1   To: Any   Service: RDP   Inspector: Default   Action: Permit

And the following content filter rules (in order):

Detected content: Microsoft Update   Source: SERVERS   Action: Allow
Detected content: Any   Source: SERVERS   Action: Deny

192.168.1.1 is included in SERVERS (IP Address Group).

RDP connections from 192.168.1.1 to any IP are not established; MSTSC v6.3.9600 times out, displaying an "Internal error" message. However, if the protocol inspector is changed to None, RDP connections are established correctly. I don't understand why, so please explain this behaviour.

Thank you in advance.

Best regards.

  •  
Brian Carmichael (Kerio)

Did you specify any address translation (source NAT) on your traffic rule? Otherwise it will be forwarded to the Internet with the private IP address.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
G.L.M.

The traffic rule has source NAT enabled using a specific outgoing interface connected to the Internet. IP datagrams are forwarded to the Internet with a public Internet IP address. Do you think the final source IP address (public or private) is related to the issue?
  •  
Brian Carmichael (Kerio)

You have a content rule that is denying any content from your servers, which includes 192.168.1.1. I assume this is why you cannot establish RDP connections from that host.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
G.L.M.

Content filter denies traffic if the RDP traffic rule is set to the "default" inspector. Traffic is not denied if the traffic rule is set to the "none" inspector.
If there is no RDP inspector, what makes the difference? (Default vs None inspector).

  •  
Brian Carmichael (Kerio)

The content rules do require inspection to be enabled. Generally, you should always keep the inspection at the default. Is there a reason you want to disable it for that rule?

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
G.L.M.

Clearly you are not understanding the issue.

I do *not* want content filter to block RDP traffic. So I set RDP traffic rule to *none* inspector. That works. If default inspector is in place, RDP traffic is blocked by content filter.

You say RDP has no inspector but the inspector should be kept at the default. What is the default inspector for RDP? That makes no sense to me.

Thank you for your time.

Regards.
  •  
Brian Carmichael (Kerio)

As I understand, you do not want to block RDP traffic, however you defined a content rule to explicitly deny RDP. Content rules depend on protocol inspection (even if there is no inspector). By disabling inspection in the traffic rule, it bypasses any processing in Content Rules.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
G.L.M.

"Content rules depend on protocol inspection (even if there is no inspector)."

This explains all.

Perhaps the documentation must state this point clearly. My understanding after reading the documentation was that content filtering depends on the HTTPS/HTTP/FTP/POP3 protocol inspector, hence my first question ("Can content filter examine traffic controlled by protocol inspectors other than HTTPS/HTTP/FTP/POP3?").

http://kb.kerio.com/product/kerio-control/content-filtering/configuring-the-content-filter-1513.html
Prerequisites
For content filtering, the following conditions must be met:
Traffic must be controlled by the HTTP / FTP / POP3 protocol inspector.
[...]


Thank you again.

Best regards.
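
The rule interaction this thread arrives at, as an added example that is not part of any post and is not Kerio code: a simplified Python model in which content rules run only when the traffic rule keeps inspection enabled, plus an audit helper that lists permit rules whose disabled inspection skips a content Deny rule. The rule names, the content label "RDP" and first-match ordering are assumptions made for the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model of the behaviour described in the thread, not Kerio code.
GROUPS = {"SERVERS": ["192.168.1.1/32"]}  # address group from the thread

@dataclass
class TrafficRule:
    name: str        # hypothetical label, not a Kerio field
    source: str      # CIDR
    service: str
    inspector: str   # "Default" or "None"
    action: str      # "Permit" or "Deny"

@dataclass
class ContentRule:
    detected: str    # content name, or "Any"
    group: str
    action: str      # "Allow" or "Deny"

CONTENT_RULES = [ContentRule("Microsoft Update", "SERVERS", "Allow"),
                 ContentRule("Any", "SERVERS", "Deny")]

def in_group(ip, group):
    return any(ip_address(ip) in ip_network(n) for n in GROUPS[group])

def evaluate(src, service, content, traffic_rules, content_rules=CONTENT_RULES):
    """Return (verdict, reason) for one connection; first matching rule wins."""
    tr = next((r for r in traffic_rules
               if ip_address(src) in ip_network(r.source) and r.service == service), None)
    if tr is None or tr.action != "Permit":
        return "Deny", "traffic rules"
    if tr.inspector == "None":
        return "Permit", "inspection off, content rules skipped"
    for cr in content_rules:
        if in_group(src, cr.group) and cr.detected in ("Any", content):
            verdict = "Permit" if cr.action == "Allow" else "Deny"
            return verdict, f"content rule {cr.detected}/{cr.group}"
    return "Permit", "no content rule matched"

def bypassing_rules(traffic_rules, content_rules=CONTENT_RULES):
    """Audit: Permit rules with inspection off whose source overlaps a Deny group."""
    deny_nets = [ip_network(n) for cr in content_rules if cr.action == "Deny"
                 for n in GROUPS[cr.group]]
    return [r.name for r in traffic_rules
            if r.action == "Permit" and r.inspector == "None"
            and any(ip_network(r.source).overlaps(d) for d in deny_nets)]

if __name__ == "__main__":
    for insp in ("Default", "None"):
        rules = [TrafficRule(f"rdp-{insp}", "192.168.1.1/32", "RDP", insp, "Permit")]
        print(insp, evaluate("192.168.1.1", "RDP", "RDP", rules), bypassing_rules(rules))
```

In this model, a narrower content Allow rule for the RDP traffic placed above the "Any / Deny" rule would permit the connection while leaving inspection on for the traffic rule.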
Current Time: Tue May 23 18:42:38 CEST 2017