Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 4 subscribers
  • Views 3962 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Desktop not routing to correct computer from outside

Toby Rogers

This is my first post on the site, so please bare with me if I don't make sense.

I just installed Sophos UTM 9 (Home version) and love what I see and have things working except for RDP from the outside world. 

I'm using DynDns for a public IP address and have set that up in the DynDNS section of DNS.  I also created these two DNAT entries for the computers that I want to RDP into.

 

 

I'm using FQDN in my remote desktop app...  

BI-75HF1.domainname.com and BI-75HF2.domainname.com.  

 

When I turn on both of the RDP entries and turn on the DynDNS entry.  I can only RDP to the first server HF1 not the second one, HF2.  Yes the image shows HF2 as turned off but when I was attempting to connect, I had it open.  The issue is when both of them are turned on and I try to connect to HF2 it automatically connects me to HF1, even though I use BI-75HF2.domainname.com in the address field of the RDP app.

 

Also thought I would add what my DynDNS configuration looks like in case I missing something in there.  (Again showing off but was on when trying to RDP)

 

 

Any help would be greatly appreciated.



This thread was automatically locked due to age.
  • +1

    Hi Toby,

    Welcome to UTM Community.

     

    as you stated you are using the Home Edition i assume the following conditions:

    - Home Environment

    - only one public IP (Dynamic)

     

    i think you are Messing Things up - i'll try to explain:

     

    The set of NAT Rules is working "Top Down" and "First Match" 

    as you have two times the same Traffic selector only the first enabled rule will match. 

    Please do not Use the "WAN(Network)" Object here if you cannot explain why ;) 

    - use "WAN(Address)" instead.

     

    Even if you Register two different DNS Names for your UTM they are pointing at the same public IP

    UTM does not validate Hostnames in DNAT Rules (neither other Gateways do so) --> Top-Down: First Match

    i think you confuse Things with "RDP Gateway" which is not an UTM Feature.

     

    to solve your Problem you can use different ports from outside

    1. copy the original Service Definition and name it  "RDP plus one" Change Destination port to 3390 (=3389+1)

    2. configure your second DNAT Rule to use the new Service and Change Destination port to the original RDP Service Definition (3389)

    3. Testing: connect your portable device to an external Network and open your RDP Session with the new port separated by colon. 

    should work with "automatic Firewall Rules" checked, otherwise you'll Need to create the rules manualy.

     

    yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

Unfiltered HTML