I'm getting an alert about a client creating too many RDP sessions. What do I need to do?

In short, nothing; we're just letting you know that it's happening.

3389 is a well-known port that is often left open or unprotected to allow RDP sessions to connect. This has the unfortunate side effect of making it a common target for intrusion attempts. However, NG Firewall blocks incoming traffic by default. Anything trying to connect to 3389 will be blocked unless you've created a Port Forward Rule to allow that traffic in. The alert is just to let you know that we're seeing some unusual traffic. You can read about disabling those alerts here.

The one caveat to this would be if the NG Firewall is bridged to another device upstream, in which case we're not blocking anything. In that case, however, we would expect the upstream device(s) would be acting as a firewall.

Was this article helpful?
1 out of 9 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk