Forum Discussion
Strange ASM block
First of all: did you follow the F5 RDP Deployment Guide?
https://www.f5.com/pdf/deployment-guides/f5-microsoft-remote-desktop-services-dg.pdf
Also, are you seeing this issue when the ASM policy is in Blocking mode? What happens if the policy is in Transparent mode? Anything at all in the logs (/var/log/ltm, /var/log/asm)? If ASM has blocked a request there must be something in the logs - I expect at least an "INVALID METHOD" or an "HTTP Protocol Compliance Violation" to be present (provided you have a logging profile assigned).
I am not surprised Windows XP clients don't work with RDP - the legacy clients do not support the authentication levels introduced since Windows 7, so if you are only having issues with legacy clients that might give you a clue that the outdated version of the RDP authentication protocol used by these clients is causing this. Finding the differences and tuning the policy is non-trivial in this case.
From the security point of view - do you really want to disable ASM? What was the rationale for enabling it in the first place for this service? Is the virtual server public facing? Do you need to protect access from certain countries/malicious IP addresses?
RDP/RDWeb is not a traditional web application - it uses the RDP protocol encapsulated in HTTP requests, so creating a meaningful ASM policy is not easy. It is bound to trigger lots of false positives and will require careful configuration and tuning.
If you do believe that you want to keep ASM on, but bypass it for specific IP addresses then:
check out this solution for bypassing ASM: https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14709.html
and also this DevCentral thread:
https://devcentral.f5.com/questions/bypass-asm
Hope this helps,
Sam