Firewall Rule to Restrict RDP Port Forward Not Working

AffordableIT · June 2019

I have a USG110 that I set up for a client. They have a software vendor who insists on using RDP for remote support. I set up Port Forwarding to send RDP traffic (on a non-standard port) to the server. In the firewall, I set up a rule to allow traffic from WAN1, with a source IP of the Vendor's public IP addresses to reach the server. It is straightforward, and I understand that this rule should only allow the forwarded RDP traffic from those particular public IP addresses to reach the server, and block all others. However, when I enable to NAT rule, RDP over that port from any PC on the internet is able to reach the server. Is there something else I should be doing? I have set something similar for another client with their remote VOIP phones, and it seems to work properly. I don't know why it should be different here. Any help is appreciated.

Zyxel_Stanley · June 2019

Hi @AffordableIT

You can make sure if your policy control rules allowed any traffic from internet.

And also check if default rule action is deny.

Image: https://us.v-cdn.net/6029482/uploads/editor/sn/mmk6opx8b5p4.png

PeterUK · June 2019

Maybe you have another rule in place for RDP that allows all?

AffordableIT · June 2019

Stanley,

Thank you for the input. It turns out that I needed an explicit DENY rule for RDP traffic (#2 on list) from any IP right under the rule allowing the forwarded RDP port from the specific IP addresses (#1 on list). I could not determine which subsequent rule was allowing it from any IP location, but the DENY rule took care of it.

Thanks again.

Zyxel_Stanley · June 2019

Hi @AffordableIT

It's good to know your issue has resolved. 😎

Firewall Rule to Restrict RDP Port Forward Not Working

All Replies

Categories

Security Highlight

Security Help Center