WatchGuard Support Center

Knowledge Base - Article

000017436
 IPS rule 1136944 incorrectly denies RDP traffic over VPN

Products: Firebox & XTM
Operating System: Fireware
Issue Status: Resolved
Tracking ID: FBX-19711
Status: Resolved
Resolved In: 4.1052

In version 4.1048 of the Application Control/IPS signatures, IPS rule 1136944 causes a false positive which denies RDP traffic over a VPN tunnel.

A message similar to this appears in the traffic logs:

2020-06-03 08:09:00 Deny rdp/tcp 56437 3389 3-WiFi 1-Trusted IPS detected 85 127 proc_id="firewall" rc="301" msg_id="3000-0150" tcp_info="offset 5 A 1682617796 win 1" signature_name="RDP Microsoft Remote Desktop Services Remote Code Execution Vul" signature_cat="Buffer Over Flow" signature_id="1136944" severity="3" Traffic

  1. Install version 4.1052 of the IPS signatures:
  1. After version 4.1052 is installed, reboot the Firebox.