ATP100: Policy Control Center "skips" rules?

Hi,

I'm trying to configure a simple rule for incoming Remote Desktop Connection.
I first configured the Policy Control Center and then the NAT with a Virtual Server.
The problem is that when I try the connection, the FW rejects it, saying "Match default rule, DROP".

It seems that the rule saved is "skipped" by the firewall.

Name: Remote_Desktop
From: WAN
To: LAN1
Source: Any
Destination: All_Traffic (range 0.0.0.0 to 255.255.255.255)
Service: RDP
Device: Any
User: Any
Schedule: None
Action: Allow
Log Matched Traffic: log


For me it is ok, but it doesn't work!

Please help me!

Thanks

Luca

Accepted Solution

  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    edited January 2023 Answer ✓

    I understand that using WAN Zone includes both...


    Yes for the Policy Control rule, but not for the NAT rule: you need to set the incoming interface to wan1_ppp or wan_ppp.


All Replies

  • PeterUK
    PeterUK Posts: 2,709  Guru Member

    Is this Windows 10/11 Pro?

    Try Destination any

    Could your ISP be blocking the default RDP port?

    Is RDP allowed in the Windows firewall?

    Do a capture on the ATP when you scan for port 3389

    https://www.grc.com/port_3389.htm

    Show us the Virtual Server NAT rule


  • LucaLeoncavallo
    Hi Peter,

    The PC I'm using for the test is a Windows 11 Pro notebook. At the moment the Windows Firewall is disabled.
    We changed the router last week (previously we used Fortinet), and the RDP connection was working with the previous router, so we can exclude ISP problems.
    Changing the Security Policy Rule to Destination Any does not solve the problem: in the log I find ACCESS BLOCK.

    Trying the scan using the website you suggested, the results are:
    - on the website the status reported is STEALTH
    - on the ATP100:
    2023-01-23 10:10:13
    notice
    Security Policy Control
    Match default rule, DROP [count=10]
    4.79.142.206:39639
    xxx.xxx.xxx.xxx:3389
    ACCESS BLOCK

    The Virtual Server rule is


    Thanks


  • PeterUK
    PeterUK Posts: 2,709  Guru Member

    What type of internet connection do you have? Are you sure it's not wan1_ppp for incoming you need?


  • WJS
    WJS Posts: 129  Ally Member
    Agree PeterUK, checking zones "WAN" "LAN" if this is correct. 
  • LucaLeoncavallo
    Hi,

    The connection type is PPPoE, but in the Zone section WAN is defined with both wan and wan_ppp.
    I understand that using WAN Zone includes both...


    I


  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    edited January 2023 Answer ✓

    I understand that using WAN Zone includes both...


    Yes for the Policy Control rule, but not for the NAT rule: you need to set the incoming interface to wan1_ppp or wan_ppp.


  • LucaLeoncavallo
    Thanks Peter,

    I found the "ACCESS BLOCK" in the log not so clear for me. I was focused on the Security Rules, thinking that the problem was there. As you wrote, changing the NAT to wan_ppp solved the problem.
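
A simplified model of the mismatch resolved in this thread, added here as an example (it is not code from the thread or from Zyxel): the policy rule matches on a zone, the NAT rule on a single incoming interface. The addresses, the `DEVICE` zone label, and the evaluation order (destination NAT before the policy lookup) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone membership as described in the thread: zone WAN holds both interfaces.
ZONES = {"wan": "WAN", "wan_ppp": "WAN", "lan1": "LAN1"}
FIREWALL_IP = "203.0.113.10"   # constructed public address (documentation range)
RDP_HOST = "192.168.1.50"      # constructed internal RDP host


@dataclass
class NatRule:
    incoming_interface: str    # NAT matches one interface, not a zone
    external_port: int
    internal_ip: str


@dataclass
class PolicyRule:
    name: str
    from_zone: str
    to_zone: str
    port: int


def destination_zone(dst_ip):
    # Assumption: traffic still addressed to the firewall's own IP is "to the device".
    return "DEVICE" if dst_ip == FIREWALL_IP else "LAN1"


def evaluate(in_iface, dst_port, nat_rules, policy_rules):
    """Return (verdict, matched_rule_name, final_destination_ip)."""
    dst_ip = FIREWALL_IP
    # Step 1 (assumed order): destination NAT runs before the policy lookup.
    for nat in nat_rules:
        if nat.incoming_interface == in_iface and nat.external_port == dst_port:
            dst_ip = nat.internal_ip
            break
    # Step 2: policy lookup by zone pair and service port.
    src_zone, dst_zone = ZONES[in_iface], destination_zone(dst_ip)
    for rule in policy_rules:
        if (rule.from_zone, rule.to_zone, rule.port) == (src_zone, dst_zone, dst_port):
            return ("ALLOW", rule.name, dst_ip)
    return ("DROP", "default", dst_ip)


POLICY = [PolicyRule("Remote_Desktop", "WAN", "LAN1", 3389)]
NAT_ON_WAN = [NatRule("wan", 3389, RDP_HOST)]          # non-working setup
NAT_ON_WAN_PPP = [NatRule("wan_ppp", 3389, RDP_HOST)]  # fix from the thread

if __name__ == "__main__":
    print(evaluate("wan_ppp", 3389, NAT_ON_WAN, POLICY))
    print(evaluate("wan_ppp", 3389, NAT_ON_WAN_PPP, POLICY))
```

In this model a PPPoE packet never matches the NAT rule bound to `wan`, so it is not rewritten toward LAN1 and the WAN-to-LAN1 allow rule cannot apply, which is why the log points at the default rule rather than at the NAT configuration.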
