NW 6.5 SP7 BM38.5


We have clients on the private side of our network that have been connecting to a Windows 2003 TS on port 3389 on the public side. The TS server was recently migrated to Server 2008 and we now have to connect through on port 443.

I left the current 3389 rule in place and created a new one with the new dest port of 443, e.g.:

Src Ports: all
Protocol: TCP
Ack bit filt: disabled
Dest Port: 443
Stateful Filtering: Enabled

This new rule works perfectly, but only for a period of time. Users can access the new RDP destination server without an issue on, say, day one. On day two they can't. They receive authentication errors. When I temporarily unload filtsrv they obviously are authenticated and connected.

I can at this stage bring back up the firewall and they remain connected all today without an issue. Then the same issue occurs the next day and so on. A trace using TCP IP DEBUG doesn't show me any packets being dropped in or out. Source and destination ports being requested are correct.

The client doesn't seem to be looking to get some other type of response from another source on a blocked port, etc., while the issue is occurring.

I still have the BM default filter applied to the public interface for the purposes of HTTPS proxy. Could this be causing some sort of confusion over time? We never had an issue for years using the original filter exception for RDP over 3389.