rqureshi
Staff
Article Id 395920
Description This article describes how to resolve or troubleshoot misclassification of RDP traffic as MMS.
Scope FortiGate.
Solution

RDP normally runs over TCP port 3389, but clients can also use UDP port 3389 as an additional transport. When UDP is used, the traffic can be matched by the default MMS service instead of RDP, because MMS is defined with a wide UDP port range that includes 3389. The relevant default definitions look like this:

config firewall service custom
    edit "RDP"
        set tcp-portrange 3389
    next
    edit "MMS"
        set tcp-portrange 1755
        set udp-portrange 1024-5000
    next
end

 

In this setup:

  • The RDP service is only defined for TCP port 3389.
  • The MMS service includes UDP port range 1024–5000, which includes port 3389.

 

As a result, when RDP uses UDP 3389, the session is matched against the MMS service rather than RDP. It is then logged under the MMS service name and is handled by whichever policy contains MMS, instead of the policy intended for RDP.

To resolve the misclassification, remove the UDP port range from the MMS service definition if it is not required, or narrow it so that it no longer covers port 3389. Keep two points in mind: the MMS service is referenced by every policy that uses it, so narrowing it affects how all of those policies match; and if RDP over UDP must still be permitted, the RDP service (or a dedicated custom service) must include UDP 3389, because the RDP definition above covers TCP only and the UDP sessions would otherwise have no intended service to match. After the change, confirm in the traffic logs that UDP 3389 sessions are now reported with the expected service.

For example:

config firewall service custom
    edit "MMS"
        set udp-portrange 1024-3388 3390-5000
    next
end
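The following Python script is an added example; it is not part of this article and not a Fortinet tool. It parses the text of a `config firewall service custom` block, reports every service whose port ranges would claim a given protocol and port, and generates the narrowed range list (and the corresponding CLI snippet) that excludes that port. It generalizes the RDP/MMS case to any port and any set of services. The embedded sample configuration is constructed from the two service definitions shown above, and the handling of `<dst>:<src>` tokens assumes the FortiOS port-range notation in which the source side follows a colon.

```python
import re
from typing import Dict, List, Tuple

Range = Tuple[int, int]

# Constructed sample input: the two services from the article, laid out the
# way the FortiGate CLI prints `show firewall service custom`.
SAMPLE_CONFIG = """
config firewall service custom
    edit "RDP"
        set tcp-portrange 3389
    next
    edit "MMS"
        set tcp-portrange 1755
        set udp-portrange 1024-5000
    next
end
"""


def parse_ranges(spec: str) -> List[Range]:
    """Parse a port-range value such as '1024-5000 3389 80-90'.

    FortiOS also accepts '<dst>:<src>' tokens (assumed syntax, e.g.
    '3389:1024-65535'); only the destination side matters for service
    matching, so the source side is dropped.
    """
    ranges: List[Range] = []
    for token in spec.split():
        dst = token.split(":", 1)[0]
        lo, _, hi = dst.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 0 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"invalid port range: {token!r}")
        ranges.append((lo_i, hi_i))
    return ranges


def parse_services(config: str) -> Dict[str, Dict[str, List[Range]]]:
    """Map service name -> {'tcp': [...], 'udp': [...]} from CLI text."""
    services: Dict[str, Dict[str, List[Range]]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r'edit "(.+)"', line)
        if m:
            current = m.group(1)
            services[current] = {"tcp": [], "udp": []}
            continue
        m = re.fullmatch(r"set (tcp|udp)-portrange (.+)", line)
        if m and current is not None:
            services[current][m.group(1)] = parse_ranges(m.group(2))
        elif line == "next":
            current = None
    return services


def services_matching(services, proto: str, port: int) -> List[str]:
    """Names of every service whose <proto> ranges include <port>."""
    return [name for name, protos in services.items()
            if any(lo <= port <= hi for lo, hi in protos[proto])]


def exclude_port(ranges: List[Range], port: int) -> List[Range]:
    """Carve <port> out of the ranges; a range may split in two or vanish."""
    out: List[Range] = []
    for lo, hi in ranges:
        if port < lo or port > hi:
            out.append((lo, hi))
            continue
        if lo < port:
            out.append((lo, port - 1))
        if port < hi:
            out.append((port + 1, hi))
    return out


def format_ranges(ranges: List[Range]) -> str:
    """Render ranges back into 'set ...-portrange' value syntax."""
    return " ".join(f"{lo}" if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def narrowing_cli(services, name: str, proto: str, port: int) -> str:
    """CLI snippet removing <port> from service <name>'s <proto> ranges."""
    new_ranges = format_ranges(exclude_port(services[name][proto], port))
    # If nothing is left, the setting must be cleared rather than set empty.
    setting = (f"set {proto}-portrange {new_ranges}" if new_ranges
               else f"unset {proto}-portrange")
    return ("config firewall service custom\n"
            f'    edit "{name}"\n'
            f"        {setting}\n"
            "    next\n"
            "end")


if __name__ == "__main__":
    svc = parse_services(SAMPLE_CONFIG)
    for proto in ("tcp", "udp"):
        print(f"{proto.upper()}/3389 matches:", services_matching(svc, proto, 3389))
    print(narrowing_cli(svc, "MMS", "udp", 3389))
```

Paste the output of `show firewall service custom` in place of the sample to see every service that would claim UDP 3389 on a real unit; any service other than the intended one in that list is a candidate for the same narrowing.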