Firewall Rule to Restrict RDP Port Forward Not Working
AffordableIT
I have a USG110 that I set up for a client. They have a software vendor who insists on using RDP for remote support. I set up Port Forwarding to send RDP traffic (on a non-standard port) to the server. In the firewall, I set up a rule to allow traffic from WAN1, with a source IP of the Vendor's public IP addresses to reach the server. It is straightforward, and I understand that this rule should only allow the forwarded RDP traffic from those particular public IP addresses to reach the server, and block all others. However, when I enable the NAT rule, RDP over that port from any PC on the internet is able to reach the server. Is there something else I should be doing? I have set something similar for another client with their remote VOIP phones, and it seems to work properly. I don't know why it should be different here. Any help is appreciated.
0
All Replies
-
You can check whether your policy control rules allow any traffic from the internet.
Also check whether the default rule action is deny.
0 -
Maybe you have another rule in place for RDP that allows all?
0 -
Stanley,
Thank you for the input. It turns out that I needed an explicit DENY rule for RDP traffic (#2 on list) from any IP right under the rule allowing the forwarded RDP port from the specific IP addresses (#1 on list). I could not determine which subsequent rule was allowing it from any IP location, but the DENY rule took care of it.
Thanks again.
0 -
It's good to know your issue has been resolved. 😎
0
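The behaviour discussed in this thread, modelled as an added example (not code from the posters or from Zyxel): a top-down, first-match rule list in which a broad allow rule lower down admits the forwarded RDP traffic from any source until an explicit deny is placed at #2. The addresses, port 3390, rule names and the broad rule itself are constructed assumptions, as is first-match evaluation; the `audit` helper reports which rule each source actually hits.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src: str     # source CIDR; "0.0.0.0/0" means any
    dst: str     # destination CIDR (the internal server after port forwarding)
    port: int    # port the policy rule matches on; 0 means any
    action: str  # "allow" or "deny"

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (0, port))

def first_match(rules, src, dst, port, default="deny"):
    """Walk the list top down; return (action, rule name) of the first hit."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return default, "default"

# Constructed sample values (documentation address ranges, hypothetical names).
VENDOR_IP = "203.0.113.10"
STRANGER_IP = "198.51.100.7"
SERVER_IP = "192.168.1.20"
RDP_PORT = 3390  # stands in for the thread's unnamed non-standard port

allow_vendor = Rule("allow-vendor-rdp", VENDOR_IP + "/32", SERVER_IP + "/32", RDP_PORT, "allow")
# Hypothetical broad rule further down the list; the poster never identified the real one.
broad_allow = Rule("wan-to-lan-broad", "0.0.0.0/0", "192.168.1.0/24", 0, "allow")
deny_rdp = Rule("deny-rdp-any", "0.0.0.0/0", SERVER_IP + "/32", RDP_PORT, "deny")

BEFORE = [allow_vendor, broad_allow]            # vendor allow only, broad rule below
AFTER = [allow_vendor, deny_rdp, broad_allow]   # explicit deny inserted as #2

def audit(rules, sources):
    """Map each source IP to the (action, rule) that decides its RDP attempt."""
    return {s: first_match(rules, s, SERVER_IP, RDP_PORT) for s in sources}

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for src, verdict in audit(rules, [VENDOR_IP, STRANGER_IP]).items():
            print(label, src, verdict)
```

Running the same audit against an exported rule list shows which rule name decides the unwanted traffic, which is the information needed to tighten or remove that rule rather than only masking it with the deny.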