I have intermedia as my hosted exchange solution. Intermedia keeps blocking my public IP because they said that my network is trying to connect to their server via RDP protocol.
I logged in to SSG5 to see if i could find anything and the only suspicious thing I saw was. untrust-local... to trust (any > any). I deleted it.
I only have one user who logins to a computer remotely via RDP. I don't know how to scan the network to see which computer is sending mass traffic to their servers. I installed wireshark but I don't really know how to use it.
BTW, I scanned all computers and did remove viruses/trojans from a couple, intermedia unblocked it and email worked again, but this is the third time they blocked it.