ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

SSG320M with DELTEK application help.

‎07-20-2008 10:56 PM

Using the Deltek application for timesheet and financial, our end-users RDP to the remote server at the host site.

I opened up tcp 3389 trusted to untrusted. When they initiate a session they do not get all the way to a regular RDP signon screen.

It is like some other ports are needed. I was only allowing the service ports outbound that were being utilized by my end-users.


I since allowed all out bound ports, and that solved the problem. I don't like all ports open, so has anyone used Deltek services, and know

what other ports are needing opened.? 

I did not allow tcp 3389 inbound with any policy, but when I created the policy to allow outbound, the RDP sessions worked fine.

My other option is to start testing to find the ports.



ScreenOS Firewalls (NOT SRX)

Re: SSG320M with DELTEK application help.

‎07-20-2008 11:26 PM

Windows RDP generally uses 3389 or 3390. Have you also tried permitting port 3390? If that does not do the trick, then I would recommend running command "debug flow drop" to find out what ports are getting dropped. Then permit those ports that are getting dropped.



ScreenOS Firewalls (NOT SRX)

Re: SSG320M with DELTEK application help.

‎07-23-2008 01:31 PM

You can also do an explicit deny after every interface (from Trust to Un-trust for example you should Deny and log) This will allow your logs to tell you what Action (Packet Dropped), what Protocol, what Destination Port and what Rule is causing this issue.