Application MMS port 3389 instead RDP

luca1994 · ‎02-21-2024

Hello team,

The Fortigate firewall's application control recognizes the MMS application on port 3389, I would expect it to recognize RDP. How does MMS get recognized as an application?

Thank you
BR

AEK · ‎02-21-2024

Oh sorry, the traffic log that you shared on first post is UDP (17), while RDP is TCP. That's why id doesn't show RDP.

On the other hand your hand 3389 UDP is included in range 1024-5000 that you created as MMS service. Also I don't find MMS application in my application signatures list, so FG may have shown MMS for Application as well just because the app signature was not detected and your service name is MMS (I guess).

AEK

View solution in original post

AEK · ‎02-21-2024

Hi Luca

By default on FortiGate the 3389 port is associated with RDP service.

On the other hand MMS port is 1755.

It seems on your firewall the RDP service has been renamed to MMS.

AEK

luca1994 · ‎02-21-2024

Hi @AEK ,

no, the RDP service is

and the MMS service is

seem to be configured correctly. I cannot understand why the application control detects the MMS service on port 3389.

Thank you

BR

AEK · ‎02-21-2024

Oh sorry, the traffic log that you shared on first post is UDP (17), while RDP is TCP. That's why id doesn't show RDP.

On the other hand your hand 3389 UDP is included in range 1024-5000 that you created as MMS service. Also I don't find MMS application in my application signatures list, so FG may have shown MMS for Application as well just because the app signature was not detected and your service name is MMS (I guess).

AEK

luca1994 · ‎02-21-2024

Sorry to you Aek. I had missed this "little" detail: the traffic is UDP and not TCP.

Thank you very much as always
See you soon