LAN RDP blocked when using Pulse Secure?
-
Hi,
I have this problem with my pfSense firewall.
So, when I don't have Pulse Secure running everything works fine, but as soon as I connect to Pulse Secure my RDP session gets blocked by pfSense and I can't for the life of me figure out why.
"Default deny IPv4" is the rule that hits on the connection.
I have tried:
Setting up port forwarding, creating an any - any rule for the LAN; nothing works.
Is there anyone who can help me figure this out?
I have no vlans setup, it's a dumb network all in all.
My setup is like this
-
@Martin-e said in LAN RDP blocked when using Pulse Secure?:
"Default deny IPv4" is the rule that hits on the connection.
Can you give more details, please? Which packet is exactly blocked? Which protocol, source, destination?
Basically the traffic should not pass pfSense at all, since both server and client are lying within the same subnet.
If Pulse secure interacts with the communication between these devices, it's rather an issue of this software, not pfSense.
-
I think the image tells that story.
I'm using RDP port 3389 while connecting to 10.10.1.12/24 from 10.10.1.11/24.
You are correct that it shouldn't even pass the firewall since it's connected on the same VLAN on the same switch.
When pulse secure connects it creates a vpn to my company and that subnet is 10.15.x.x.
At the same time that this connection is created the RDP session closes and is blocked by pfSense.
Ok, the IPs are changed since I posted the first picture because I've been fiddling with this.
But there it is, when I disconnect the Pulse Secure VPN I can RDP again without issues.
-
@Martin-e said in LAN RDP blocked when using Pulse Secure?:
I have no vlans setup, it's a dumb network all in all.
it shouldn't even pass the firewall since its connected on the same vlan on the same switch.
So what?
I assume you're not using VLANs and have a dumb L2 switch, where the devices are connected to.
As you can see in the log, the reply packets from the RDP server are blocked. These are blocked, since pfSense doesn't have a state for this connection as it never saw the initial SYN packet.
So this seems to me, that the client sends request packets to the server, but the response packets are forced to pfSense after establishing Pulse Secure for whatever reason.
Maybe Pulse Secure doesn't allow any other traffic or something is configured wrong. I'm not experienced with Pulse Secure.
-
@viragomann I bet pulse isn't using a split tunnel and is routing everything down the VPN.
-
@NogBadTheBad
Anyway, this traffic should not be directed to the router, since the RDP server and client belong to the same layer 2 subnet.
-
Oh...
I can add to this that it was working when using the crappy router my ISP gave me, but not now when using pfSense.
-
@Martin-e said in LAN RDP blocked when using Pulse Secure?:
I can add to this that it was working when using the crappy router my ISP gave me
I don't expect that RDP is working with asymmetric routed traffic. And you should rather fix the real reason for this issue. But yeah, you can have this crap also on pfSense, if you want.
Add a rule to the top of the LAN rule set:
source: <RDP server> or any if you want to have it wide open
source port: 3389 or any if....
dest: RDP client or...
dest. port: any
Open the Advanced Options, at "State type" select "Sloppy".
-
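A simplified model of the state check discussed above, added here as an illustration (it is not pf's actual code and was not posted by any participant): a normal pass rule creates state only from the initial SYN, so a SYN-ACK that arrives without one hits the default deny, while a sloppy-state rule accepts it. The class and function names and the client source port 50000 are made up; the addresses and port 3389 are the ones from the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK


class StatefulFilter:
    """Toy model: one pass rule for the LAN plus an implicit default deny."""

    def __init__(self, sloppy=False):
        self.sloppy = sloppy
        self.states = set()

    @staticmethod
    def _key(p):
        # One state entry covers both directions of a connection.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def check(self, p):
        if self._key(p) in self.states:
            return "pass"              # matches an existing state
        if p.flags == "S" or self.sloppy:
            self.states.add(self._key(p))
            return "pass"              # rule matched, state created
        return "block"                 # no state, not an initial SYN


def replay(packets, sloppy=False):
    """Feed the packets the firewall actually sees through a fresh filter."""
    fw = StatefulFilter(sloppy)
    return [fw.check(p) for p in packets]


# Constructed sample packets using the thread's addresses.
CLIENT, SERVER = "10.10.1.11", "10.10.1.12"
SYN = Pkt(CLIENT, 50000, SERVER, 3389, "S")
SYN_ACK = Pkt(SERVER, 3389, CLIENT, 50000, "SA")
ACK = Pkt(CLIENT, 50000, SERVER, 3389, "A")

if __name__ == "__main__":
    print("firewall sees both directions:", replay([SYN, SYN_ACK, ACK]))
    print("firewall sees only the replies:", replay([SYN_ACK, SYN_ACK]))
    print("same, sloppy state rule:", replay([SYN_ACK, SYN_ACK], sloppy=True))
```

pf's sloppy tracker does not check TCP sequence numbers, so a rule like this is better scoped to the specific hosts and port than left at any.
-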
@Martin-e Can you access your pfSense router when Pulse is enabled? Also, what's the subnet mask when connected to Pulse?
You're using 10.x.x.x and so is your pulse connection.
-
Yep, you are correct.
I think something got very confused when it was in the same (but not the same considering the /24) 10.x.x.x.
I just changed all my own equipment to 192.x.x.x and now it's working.
Still weird though.
But thanks for all your help anyway :)