ATP100: Policy Control Center "skips" rules?

Hi,

I'm trying to configure a simple rule for an incoming Remote Desktop Connection.
I first configured Policy Control Center and then the NAT with a Virtual Server.
The problem is that when I try the connection, the FW rejects it, saying "Match default rule, DROP".

It seems that the saved rule is "skipped" by the firewall.

Name: Remote_Desktop
From: WAN
To: LAN1
Source: Any
Destination: All_Traffic (range 0.0.0.0 to 255.255.255.255)
Service: RDP
Device: Any
User: Any
Schedule: None
Action: Allow
Log Matched Traffic: log


For me it is ok, but it doesn't work!

Please help me!

Thanks

Luca

Accepted Solution

  • PeterUK
    edited January 24 Answer ✓

    I understand that using WAN Zone includes both...


    Yes for the Policy Control rule, but not for the NAT rule: there you need to set the incoming interface to wan1_ppp or wan_ppp.

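The accepted answer turns on a distinction that is easy to miss: the Security Policy matches on zones (and the WAN zone contains both wan and wan_ppp), while the Virtual Server NAT rule binds to one specific interface. The following Python model is an added example, not code from the page or from Zyxel; it assumes the evaluation order NAT first, then policy, assumes an untranslated inbound packet still targets the firewall itself (the "ZyWALL" zone), ignores source/destination address ranges such as All_Traffic, and uses constructed IP addresses. It reproduces the "Match default rule, DROP" outcome with the NAT bound to wan and the working outcome with the NAT bound to wan_ppp.

```python
# Added illustration (not Zyxel code): a simplified model of how an inbound
# connection is handled by a zone-based firewall such as the ATP100.
# Assumptions: the NAT (Virtual Server) table is matched on the incoming
# *interface*, the Security Policy is matched on *zones* after NAT, and a
# packet that NAT did not translate still targets the firewall itself
# (the "ZyWALL" zone).  All IP addresses below are constructed.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on, e.g. "wan" or "wan_ppp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class NatRule:
    name: str
    incoming_iface: str   # NAT rules bind to one interface, not to a zone
    original_port: int
    mapped_ip: str
    mapped_port: int


@dataclass(frozen=True)
class PolicyRule:
    name: str
    from_zone: str
    to_zone: str
    service_port: Optional[int]   # None means "Any"
    action: str                   # "allow" or "deny"


# Zone membership as described in the thread: WAN holds both wan and wan_ppp
ZONES = {"wan": "WAN", "wan_ppp": "WAN", "lan1": "LAN1"}

PUBLIC_IP = "203.0.113.10"    # constructed stand-in for xxx.xxx.xxx.xxx
RDP_HOST = "192.168.1.50"     # constructed LAN address of the Windows 11 notebook


def dest_zone(dst_ip: str) -> str:
    """Assumption: a LAN1 address is reached via zone LAN1; any other inbound
    destination (the firewall's own public address) is the firewall (ZyWALL)."""
    return "LAN1" if dst_ip.startswith("192.168.1.") else "ZyWALL"


def apply_nat(pkt: Packet, nat_rules: List[NatRule]) -> Packet:
    """Virtual Server: rewrite the destination only if the rule's incoming
    interface is the interface the packet actually arrived on."""
    for rule in nat_rules:
        if rule.incoming_iface == pkt.in_iface and rule.original_port == pkt.dport:
            return Packet(pkt.in_iface, pkt.src, rule.mapped_ip, rule.mapped_port)
    return pkt


def apply_policy(pkt: Packet, policy: List[PolicyRule]) -> Tuple[str, str]:
    """Security Policy Control: first rule whose zones and service match wins;
    otherwise the default rule applies, which drops inbound traffic."""
    from_zone = ZONES[pkt.in_iface]
    to_zone = dest_zone(pkt.dst)
    for rule in policy:
        if (rule.from_zone == from_zone and rule.to_zone == to_zone
                and rule.service_port in (None, pkt.dport)):
            return rule.name, rule.action.upper()
    return "default", "DROP"


def evaluate(pkt: Packet, nat_rules: List[NatRule], policy: List[PolicyRule]) -> Tuple[str, str]:
    return apply_policy(apply_nat(pkt, nat_rules), policy)


# The Security Policy rule from the original post: WAN -> LAN1, service RDP, allow
POLICY = [PolicyRule("Remote_Desktop", "WAN", "LAN1", 3389, "allow")]

# An RDP probe arriving over the PPPoE link (constructed source address)
PROBE = Packet("wan_ppp", "198.51.100.7", PUBLIC_IP, 3389)


def diagnose_wrong_nat() -> Tuple[str, str]:
    """NAT bound to the physical 'wan' interface: PPPoE traffic never matches it,
    the destination stays the firewall's own address, and the policy falls through."""
    nat = [NatRule("RDP_in", "wan", 3389, RDP_HOST, 3389)]
    return evaluate(PROBE, nat, POLICY)


def diagnose_fixed_nat() -> Tuple[str, str]:
    """NAT bound to 'wan_ppp', as in the accepted answer."""
    nat = [NatRule("RDP_in", "wan_ppp", 3389, RDP_HOST, 3389)]
    return evaluate(PROBE, nat, POLICY)


if __name__ == "__main__":
    print("incoming interface = wan:     ", diagnose_wrong_nat())
    print("incoming interface = wan_ppp: ", diagnose_fixed_nat())
```

The practical check this suggests: when a log shows "Match default rule, DROP" for a port you have explicitly allowed, look at what the packet's destination zone is after NAT rather than at the policy rule itself; if the Virtual Server never fired, the allow rule from WAN to LAN1 can never match.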

All Replies

  • PeterUK

    Is this Windows 10/11 Pro?

    Try Destination Any.

    Could your ISP be blocking the default RDP port?

    Is RDP allowed in the Windows firewall?

    Do a capture on the ATP when you scan for port 3389:

    https://www.grc.com/port_3389.htm

    Show us the Virtual Server NAT rule.


  • Hi Peter,

    The PC I'm using for the test is a Windows 11 Pro notebook. At the moment the Windows Firewall is disabled.
    We changed the router last week (previously we used Fortinet); the RDP connection was working with the previous router, so we can exclude ISP problems.
    Changing the Security Policy rule to Destination Any does not solve the problem: in the log I find ACCESS BLOCK.

    Trying the Scan using the website you suggested the results are:
    - on website status reported is STEALTH
    - on ATP100 :
    2023-01-23 10:10:13  notice  Security Policy Control  Match default rule, DROP [count=10]  4.79.142.206:39639 -> xxx.xxx.xxx.xxx:3389  ACCESS BLOCK

    The Virtual Server rule is


    Thanks


  • PeterUK

    What type of internet connection do you have? Are you sure it's not wan1_ppp that you need for incoming?


  • WJS
    Agree with PeterUK; check whether the zones "WAN" and "LAN" are correct.

  • Hi,

    The connection type is PPPoE, but in the Zone section WAN is defined with both wan and wan_ppp.
    I understand that using the WAN zone includes both...




  • Thanks Peter,

    I found the "ACCESS BLOCK" in the log not so clear. I was focused on the Security Rules, thinking that the problem was there. As you wrote, changing the NAT to wan_ppp solved the problem.
