https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225978#M43469 <P>The detailed description of the case is as follows:<BR />- We needs to block remote desktop tcp/3389, however, when the administrator changes the rdp service to a port other than 3389, the written RDP blocking policy cannot block it.</P><P>- Therefore, the we needs to find a way to use Checkpoint to block Microsoft's RDP application even when RDP runs on a custom port (not 3389). Not only RDP, there needs to be a radical solution to block other protocols/apps such as ssh, telnet nonstandard port</P> Mon, 09 Sep 2024 10:26:35 GMT MarcuzShinz 2024-09-09T10:26:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225978#M43469 <P>The detailed description of the case is as follows:<BR />- We needs to block remote desktop tcp/3389, however, when the administrator changes the rdp service to a port other than 3389, the written RDP blocking policy cannot block it.</P><P>- Therefore, the we needs to find a way to use Checkpoint to block Microsoft's RDP application even when RDP runs on a custom port (not 3389). Not only RDP, there needs to be a radical solution to block other protocols/apps such as ssh, telnet nonstandard port</P> Mon, 09 Sep 2024 10:26:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225978#M43469 MarcuzShinz 2024-09-09T10:26:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225998#M43470 <P>Afaik most issues are with dropped RDP connections that should work <span class="lia-unicode-emoji" title=":winking_face:">😉</span> I would expect whitelisting could be a solution here - only allow your usual connections / apps and block the rest.</P> Mon, 09 Sep 2024 14:09:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225998#M43470 G_W_Albrecht 2024-09-09T14:09:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225999#M43471 <P>I would agree with statement that whitelisting approach might be the best.</P> <P>Andy</P> Mon, 09 Sep 2024 14:19:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/225999#M43471 the_rock 2024-09-09T14:19:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226004#M43472 <P>As others have mentioned the approach used for construction of the policy could be relevant.</P> <P>Reviewing the "Protocol Signature" option is also worth mentioning here.</P> Mon, 09 Sep 2024 15:06:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226004#M43472 Chris_Atkinson 2024-09-09T15:06:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226007#M43473 <P>Super valid point.</P> Mon, 09 Sep 2024 15:18:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226007#M43473 the_rock 2024-09-09T15:18:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226061#M43482 <P>This is a problem that can be solved by a much more restrictive security policy.<BR />Specifically, only allowing the ports, protocols, and applications that are actually needed and not allowing "any" service/application unless absolutely required.</P> Mon, 09 Sep 2024 20:04:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-can-Checkpoint-detect-default-applications-running-through/m-p/226061#M43482 PhoneBoy 2024-09-09T20:04:25Z