Network Protection: Firewall, NAT, QoS, & IPS Connections to 3389 port

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 10 replies
Subscribers 7 subscribers
Views 15230 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connections to 3389 port

DrMeskon over 6 years ago

Hi,

I've configured destination NAT on Sophos UTM9 on public interface IP:3389->Local_ip:3389

In firewall live logging i see entries like this

Occasionally someone is sending SYN request and nothing more (this is what live log shows)

By the way netstat shows TCP Local_ip:3389 xx-xxx-33-158:54592 ESTABLISHED

and after second this ESTABLISHED is gone.

I've tried telnet from outside with one PC and established is long enough, so is this a some kind of scan?

Is this harmfull?

This thread was automatically locked due to age.

Parents

0 apijnappels over 6 years ago

Please do NOT use RDP over a public internet connection. If you need to access it, then use a VPN or look at RDP gateway like told above.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel
0 DrMeskon over 6 years ago in reply to apijnappels

What is RDP gateway, i have not seen it in configuration on my UTM9
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 6 years ago in reply to DrMeskon

A Remote Desktop Gateway Server enables users to connect to remote computers on a corporate network from any external computer. The RD Gateway uses the Remote Desktop Protocol & the HTTPS Protocol to create a secure encrypted connection.

It is not a UTM product, but a product available in Microsoft Server operating systems.

If you cannot use that, than for security it's much better to configure VPN-connection from your clients and then make the RDP machine(s) available to the VPN users and not publicly to the internet.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 apijnappels over 6 years ago in reply to DrMeskon

A Remote Desktop Gateway Server enables users to connect to remote computers on a corporate network from any external computer. The RD Gateway uses the Remote Desktop Protocol & the HTTPS Protocol to create a secure encrypted connection.

It is not a UTM product, but a product available in Microsoft Server operating systems.

If you cannot use that, than for security it's much better to configure VPN-connection from your clients and then make the RDP machine(s) available to the VPN users and not publicly to the internet.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data