This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shahar_Grober
Advisor
‎2018-09-08 04:29 AM

RDP over HTTPS Inspection

Does HTTPS Inspection support RDP over Https?

I tried to activate Inbound HTTPS inspection on our RDP gateway which allows opening RDP connections over HTTPS on port 443.

The session is opened using https from an external client to the session broker and then changes to RDP over https (similar to the image below). 

When activating the https inspection, the connection is broken and there is a log saying that

  • Https validation is unsupported
  • Rejection reason is - SSL version is not supported.

When bypassing the connection in the Https inspection policy, RDP is working again

Is it possible to inspect such connections?

Did anyone try and succeed?

Is there a way to workaround the broken session or to inspect only the connection initialization (which is HTTPS only before changing to RDP)?

If not, is there a plan to support RDP over HTTPS inspection in the future?

Image result for rdp over https

0 Kudos
5 Replies
Nüüül
Advisor
‎2018-09-08 10:43 AM

SSL Config of the Web Server would be interesting, i think.

i.e. here - https://community.checkpoint.com/thread/7700-https-inspection-problem-about-unspoorted-ssl-version  it is stated that SSLv3 is disabled by default, which might result in your message...

Also, is there a publicly trusted certificate in use or from internel PKI/self signed? Does yout Firewall trust the issuer of these certs?

Daniel

0 Kudos
PhoneBoy
Admin
Admin
‎2018-09-09 12:18 AM

There should be log messages in SmartLog if the TLS negotiation is failing somehow.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-09-10 03:55 AM

My question is why legitimate RDP traffic should be inspected anyhow...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Nüüül
Advisor
‎2018-09-10 04:20 AM
In response to G_W_Albrecht

As far as I unterstood, it‘s more for the rdp over https from Internet to the rd Gateway/Broker (however MS is calling it) which is then kind of reverse proxying the rdp to the Terminal Server.

so for the Gateway it‘s a https connection. 

Daniel

0 Kudos
Shahar_Grober
Advisor
‎2018-09-10 04:36 AM
In response to Nüüül

Correct Daniel, I would like to scan the https/RDP to traffic to make sure that the connection opened to the session broker and to the remote desktop session host is legit. If it is not possible to scan the RDP protocol, I would at least expect to be able to scan the HTTPS part (Where the connection is opened from the client to the session broker using HTTPS) and to be able to bypass the RDP over HTTPS traffic. 

If this is not supported it is a good RFE to be able to scan RDP over HTTPS in future versions

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events