Anthony H.
asked on
Block IP with Juniper SSG5
I have intermedia as my hosted exchange solution. Intermedia keeps blocking my public IP because they said that my network is trying to connect to their server via RDP protocol.
I logged in to SSG5 to see if i could find anything and the only suspicious thing I saw was. untrust-local... to trust (any > any). I deleted it.
I only have one user who logins to a computer remotely via RDP. I don't know how to scan the network to see which computer is sending mass traffic to their servers. I installed wireshark but I don't really know how to use it.
any suggestions?
BTW, I scanned all computers and did remove viruses/trojans from a couple, intermedia unblocked it and email worked again, but this is the third time they blocked it.
I logged in to SSG5 to see if i could find anything and the only suspicious thing I saw was. untrust-local... to trust (any > any). I deleted it.
I only have one user who logins to a computer remotely via RDP. I don't know how to scan the network to see which computer is sending mass traffic to their servers. I installed wireshark but I don't really know how to use it.
any suggestions?
BTW, I scanned all computers and did remove viruses/trojans from a couple, intermedia unblocked it and email worked again, but this is the third time they blocked it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Untrust is Internet. You don't want to block RDP from internet to LAN, do you? So remove it, or leaves it alone if it doesn't matter for you. By default all Untrust traffic is blocked unless explicitly allowed.
ASKER