We have an issue about RDP connection.
The client originally used TP-Link c64 router, and only set up static wan ip and DHCP for internal LAN, no other special settings. After that, we replace it with MX67(18.107.2), using the same wan ip address and internal LAN(single LAN). The firewall and L7 firewall are all default. No forwarding rules, content filtering, and AMP, IDP are all disable.
We got feedback from client that they use non-standard RDP port(not port 3389) to connect to remote machine. The connection can be established successfully but interrupted about few mins. And client claimed there was no interruption when using c64 router.
We captured the packet from WAN and LAN. In part of LAN, we observed the client host only used one TCP high random source port 'T' and one UDP high random source port 'U' to remote non 3389 port 'R'. But in part of WAN, there were lots of UDP packet sent from remote machine with source port 'R' to many different high random destination port besides 'U'. And remote machine sent TCP spurious retransmission packet every few seconds to client host destination port 'T', and client host reply TCP Dup ACK subsequently.
Does anyone know what might be the reason causing this?
