RDP from WAN to LAN doesn't work - [SOLVED]

Hello,

I have two 'WAN to LAN' rules. One is for HTTP and the other is for FTP. Both of them work! But when I try to set up a rule for RDP it won't work. Everything is the same as the rules that work, except for the service/port of course.

 

When I make an RDP request from WAN absolutely nothing is logged in the Firewall. It appears that traffic doesn't even reach the Firewall. I use the same DNS name when contacting via RDP as I do for both HTTP and FTP (that works).

Notice: RDP worked fine with UTM. I haven't changed any settings in my LAN. The server still accepts RDP and there is no local firewall issue. It simply seems to be a bug in XG.

This is the rule that works:


 

This doesn't work. NOTHING in the firewall log



  • Hi guys,

     

    I've been trying to solve this for quite a while but now I solved the problem myself while posting here. Both the HTTP and FTP services were already predefined in the firewall. The RDP service I created myself. The problem was that I had set both the source and destination port as 3389, my bad. When I set the source port to 1:65535 it worked!

    Thanks

  • Hi Sven,

    Glad your doubt was solved.

    But I have 2 tips for you:

    1- Never put port 3389 in front of the internet.

    2- When you post a screenshot, please hide your WAN IP.

    Regards,

    Guilherme Figueiredo

    Engineer, Sophos UTM & Sophos XG,

    Certified SonicWall Security Administrator.

  • Thanks Guilherme!

    Good advice. I forgot to hide the IP, but it's not permanent/fixed so it changes once in a while. I use a Dynamic DNS service.

    When it comes to the RDP I set Any in the 'Allowed Client Networks' when making the screenshots, but in reality it's just the public IP of my work network that is allowed via RDP, not Any.

    Thanks again.
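
The fix described in the first reply, as an added example that is not part of the original thread and is not Sophos code: a small model of a service definition that matches on both source and destination port ranges, showing why source port 3389 matches almost no real client while 1:65535 does. The `Service` class, the `audit` heuristic, the ephemeral range and the sample connections are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the IANA dynamic/private port range, from which many client
# operating systems draw the source port of an outbound connection.
EPHEMERAL = range(49152, 65536)

def parse_ports(spec: str) -> range:
    """Parse 'N' or 'LOW:HIGH' (the notation used in the thread) into a range."""
    low, _, high = spec.partition(":")
    lo, hi = int(low), int(high or low)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return range(lo, hi + 1)

@dataclass(frozen=True)
class Service:
    """Hypothetical model of a custom TCP service definition."""
    name: str
    src_ports: str
    dst_ports: str

    def matches(self, src_port: int, dst_port: int) -> bool:
        return (src_port in parse_ports(self.src_ports)
                and dst_port in parse_ports(self.dst_ports))

def matched(service, conns):
    """Return the connections that the service definition would match."""
    return [c for c in conns if service.matches(*c)]

def audit(service):
    """Flag a source range that leaves out part of the ephemeral range."""
    src = parse_ports(service.src_ports)
    if src.start > EPHEMERAL.start or src.stop < EPHEMERAL.stop:
        return [f"{service.name}: source ports {service.src_ports} exclude "
                "client ephemeral ports; real clients will not match"]
    return []

BROKEN = Service("RDP", "3389", "3389")    # source and destination both 3389
FIXED = Service("RDP", "1:65535", "3389")  # the setting that worked

# Constructed (source port, destination port) pairs for inbound RDP attempts.
SAMPLE = [(49731, 3389), (50112, 3389), (61999, 3389), (3389, 3389)]

if __name__ == "__main__":
    for svc in (BROKEN, FIXED):
        print(svc.src_ports, "->", len(matched(svc, SAMPLE)), "of", len(SAMPLE),
              "matched;", audit(svc) or "no findings")
```

Only the constructed connection whose source port happens to be 3389 matches the first definition, which is why a custom service should constrain the destination port and leave the source range open.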