ScreenOS Firewalls (NOT SRX)
Reply
Visitor
Proactive
Posts: 7
Registered: ‎07-20-2008
0

SSG320M with DELTEK application help.

Using the Deltek application for timesheet and financial, our end-users RDP to the remote server at the host site.

I opened up tcp 3389 trusted to untrusted. When they initiate a session they do not get all the way to a regular RDP signon screen.

It is like some other ports are needed. I was only allowing the service ports outbound that were being utilized by my end-users.

 

I since allowed all out bound ports, and that solved the problem. I don't like all ports open, so has anyone used Deltek services, and know

what other ports are needing opened.? 

I did not allow tcp 3389 inbound with any policy, but when I created the policy to allow outbound, the RDP sessions worked fine.

My other option is to start testing to find the ports.

 

Thanks

Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: SSG320M with DELTEK application help.

Windows RDP generally uses 3389 or 3390. Have you also tried permitting port 3390? If that does not do the trick, then I would recommend running command "debug flow drop" to find out what ports are getting dropped. Then permit those ports that are getting dropped.

 

-Richard

New User
Mecca
Posts: 1
Registered: ‎07-23-2008
0

Re: SSG320M with DELTEK application help.

You can also do an explicit deny after every interface (from Trust to Un-trust for example you should Deny and log) This will allow your logs to tell you what Action (Packet Dropped), what Protocol, what Destination Port and what Rule is causing this issue.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.