topic Re: RDP over HTTPS Inspection in General Topics

RDP over HTTPS Inspection

Shahar_Grober — Sat, 08 Sep 2018 11:29:51 GMT

Does HTTPS Inspection support RDP over Https?

I tried to activate Inbound HTTPS inspection on our RDP gateway which allows opening RDP connections over HTTPS on port 443.

The session is opened using https from an external client to the session broker and then changes to RDP over https (similar to the image below).

When activating the https inspection, the connection is broken and there is a log saying that

Https validation is unsupported
Rejection reason is - SSL version is not supported.

When bypassing the connection in the Https inspection policy, RDP is working again

Is it possible to inspect such connections?

Did anyone try and succeed?

Is there a way to workaround the broken session or to inspect only the connection initialization (which is HTTPS only before changing to RDP)?

If not, is there a plan to support RDP over HTTPS inspection in the future?

Re: RDP over HTTPS Inspection

Nüüül — Fri, 21 Jun 2019 09:13:33 GMT

SSL Config of the Web Server would be interesting, i think.

i.e. here - https://community.checkpoint.com/thread/7700-https-inspection-problem-about-unspoorted-ssl-version it is stated that SSLv3 is disabled by default, which might result in your message...

Also, is there a publicly trusted certificate in use or from internel PKI/self signed? Does yout Firewall trust the issuer of these certs?

Daniel

Re: RDP over HTTPS Inspection

PhoneBoy — Sun, 09 Sep 2018 07:18:47 GMT

There should be log messages in SmartLog if the TLS negotiation is failing somehow.

Re: RDP over HTTPS Inspection

G_W_Albrecht — Mon, 10 Sep 2018 10:55:46 GMT

My question is why legitimate RDP traffic should be inspected anyhow...

Re: RDP over HTTPS Inspection

Nüüül — Mon, 10 Sep 2018 11:20:11 GMT

As far as I unterstood, it‘s more for the rdp over https from Internet to the rd Gateway/Broker (however MS is calling it) which is then kind of reverse proxying the rdp to the Terminal Server.

so for the Gateway it‘s a https connection.

Daniel

Re: RDP over HTTPS Inspection

Shahar_Grober — Mon, 10 Sep 2018 11:36:21 GMT

Correct Daniel, I would like to scan the https/RDP to traffic to make sure that the connection opened to the session broker and to the remote desktop session host is legit. If it is not possible to scan the RDP protocol, I would at least expect to be able to scan the HTTPS part (Where the connection is opened from the client to the session broker using HTTPS) and to be able to bypass the RDP over HTTPS traffic.

If this is not supported it is a good RFE to be able to scan RDP over HTTPS in future versions