This discussion has been locked.

Trying to RDP from the Internet into a workstation on the internal network on a custom port thru an inherited SG 105.

I have a new client that uses a SG 105. They previously used the Small Business Server remote workplace to remote into one station. Something in Windows 10 has broken that. I am trying to allow RDP to a certain station on the internal network on a custom RDP port. This is something I have done repeatedly on Cisco ASAs and Pixes and most of the home variety routers. Can someone point me to some information to help me figure out what to do?

I am afraid to just start trying things because if I break something I would not know how to fix it.

I can see where my attempt to RDP is shown in gray on the Firewall log, but I cannot connect.

Any help would be appreciated.

Jeff

 



  • If I understand correctly, you want to access a machine from the internet using a custom RDP port?

    If that is the case, DNAT is what you are looking for. Check out this KB article: community.sophos.com/.../115145

  • I had figured DNAT was what I was looking for, but I was unable to find a good guide or step-by-step.

    This looks like what I have been searching for.  I do not have access until later today, but will try this ASAP.  Thank you.

  • Never mind, I thought it was for a Sophos XG Firewall! Sorry!

     

    Just a little step by step:

     

    Best for me are the following steps:

    1. Log in to WebAdmin
    2. Go to System -> Host and Services -> Services
    3. Click Add on the top right corner
    4. Enter a name (Custom RDP-Port)
    5. Select a Type (TCP/UDP)
    6. Enter Protocol, Source Port and your Custom Destination Port (TCP | * | 62233 (e.g.))
    7. Click Save
    8. Go to Protect -> Firewall -> Add Business Application Rule
    9. Enter the following:

    Rule name and description by your own. Other things follow the picture:

     

     

    Edit: The protected server is your server. You have to create an object for it. The Destination & Services should be your internet-uplink port!

    In the "Source" fields you can specify the sources (like static IP addresses from the company or something like this) to get a little bit of extra security. You can change the Advanced settings if you want to. That should be it.

    You could do the normal 3389 TCP port and check the "Change Destination Ports" checkbox and use your custom port, but I think this is more dynamic in the future. Now you have to change one little object instead of all FW rules.

     

    Kind Regards,

    Chris :)
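
The rule described in the post above, modelled as an added example (not part of the original post and not Sophos code): it shows which connection attempts a port-forwarding rule with a "Source" restriction passes to the workstation and which it drops. The class and field names are hypothetical, the addresses are constructed documentation ranges, and only port 62233 comes from the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class DnatRule:
    """Hypothetical model of the forwarding rule; field names are illustrative."""
    allowed_sources: List[str]         # CIDR strings; "0.0.0.0/0" means Any
    uplink_ip: str                     # address on the internet-uplink port
    service_port: int                  # custom TCP port from the service object
    protected_server: str              # internal workstation
    mapped_port: Optional[int] = None  # set when the destination port is changed

    def translate(self, src_ip: str, dst_ip: str,
                  dst_port: int) -> Optional[Tuple[str, int]]:
        """Return (internal_ip, internal_port) if forwarded, None if dropped."""
        if dst_ip != self.uplink_ip or dst_port != self.service_port:
            return None  # not addressed to the published service
        src = ipaddress.ip_address(src_ip)
        if not any(src in ipaddress.ip_network(n) for n in self.allowed_sources):
            return None  # source is outside the allow list
        return (self.protected_server, self.mapped_port or self.service_port)

    def findings(self) -> List[str]:
        """Review notes a defender would raise about the rule."""
        notes = []
        if any(ipaddress.ip_network(n).prefixlen == 0 for n in self.allowed_sources):
            notes.append("source is Any: RDP is reachable from the whole internet")
        if self.service_port == 3389:
            notes.append("published on the default RDP port, not a custom one")
        return notes


# Constructed sample rules: one restricted to an office range, one open to Any
# that also rewrites the destination port to 3389 on the workstation.
restricted = DnatRule(["198.51.100.0/29"], "203.0.113.10", 62233, "192.168.1.50")
open_rule = DnatRule(["0.0.0.0/0"], "203.0.113.10", 62233, "192.168.1.50",
                     mapped_port=3389)

if __name__ == "__main__":
    for name, rule in (("restricted", restricted), ("open", open_rule)):
        for src in ("198.51.100.2", "192.0.2.77"):  # constructed client addresses
            print(name, src, rule.translate(src, "203.0.113.10", 62233))
        print(name, "findings:", rule.findings())
```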
