external RDP access does not work - XG Firewall bridge mode

I need to learn how to open external access to RDP. Before placing the Sophos Firewall on the bridge, my Mikrotik was solely responsible for opening the RDP ports of each of my servers. Now I can't communicate externally with my servers, only locally.

Each of my servers has a fixed IP and a separate RDP port, for example:

Server 01:
ip: 192.168.0.150
RDP port: 3389

Server 02:
ip: 192.168.0.151
RDP port: 3390

and so on....
On my Mikrotik there are TCP and UDP rules opening each port to the local fixed IP. I also have a DDNS account added to my Mikrotik. This allows me to communicate with my servers in 2 ways, through my public IP and through my DDNS, for example:

Server 01:
Public IP (example): 189.38.32.1:3389
or: myddns.net:3389

Server 02:
Public IP (example): 189.38.32.1:3390
or: myddns.net:3390

Before adding the Sophos firewall, external access was functional. Now, with the addition of the Sophos firewall, I can't do that anymore.

Grateful for the help and suggestions!



  • Start a TCP Dump on your Webadmin GUI. Maybe you have an issue because of IP Spoof detection. You will see the reason there if the packet is dropped.

  • Hello Diego,

    Thank you for contacting the Sophos Community!

    As suggested by LHerzog, start by doing a Packet Capture on the WAN interface of your XG to see whether the traffic is arriving at the WAN. If it is, you can then do a tcpdump in the Advanced Shell of the XG to see whether the XG is forwarding the traffic to your server and hearing back from it.

    In the Advanced Shell you would run

    #tcpdump -eni Port3 host 192.168.0.150 and port 3389

    Also, try posting a screenshot of your DNAT rules showing the Ports used in the Services tab.

    Regards,

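The reply above describes a three-step capture procedure: see the traffic arrive on the WAN side, see the XG forward it to the server, and see the server answer. As an added example, not from the original thread and not Sophos tooling, the following Python script reads the text output of such tcpdump runs from the upstream-facing and the server-facing interface and reports at which step the TCP handshake to the RDP port stops. The sample capture lines are constructed, the client address 203.0.113.7 is a documentation-range placeholder, the server addresses and the public IP are the examples the poster gave, and the hints are only the checks suggested in this thread.

```python
"""Locate where an inbound RDP TCP flow stops, from two tcpdump -n captures.

Added diagnostic example, not from the original thread or from Sophos.
Assumes one capture on the interface facing the Mikrotik/WAN and one on the
interface facing the servers, each taken with a filter like
`tcpdump -eni <iface> host <server_ip> and port <rdp_port>`; the `-e`
link-layer header is tolerated but ignored.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# IPv4/TCP summary as tcpdump prints it: "src.sport > dst.dport: Flags [S.]"
_TCP_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass(frozen=True)
class TcpPkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "S." = SYN-ACK, "." = ACK, "R." = RST-ACK


def parse(lines: Iterable[str]) -> List[TcpPkt]:
    """Keep only lines carrying a TCP summary; ARP, UDP and other noise are skipped."""
    pkts = []
    for line in lines:
        m = _TCP_RE.search(line)
        if m:
            pkts.append(TcpPkt(m["src"], int(m["sport"]), m["dst"],
                               int(m["dport"]), m["flags"]))
    return pkts


# What to check next for each outcome; these follow the advice in the thread.
HINTS = {
    "no_syn_at_upstream": "SYN never reaches the XG: check DDNS, the Mikrotik "
                          "dst-nat rule, and that you test from outside the LAN.",
    "not_forwarded_to_server": "XG saw the SYN but did not pass it: check the DNAT/"
                               "firewall rule (ports in the Services tab) and the "
                               "drop-packet capture (IP spoof, invalid traffic).",
    "no_reply_from_server": "Server got the SYN but sent no SYN-ACK: Windows "
                            "firewall, RDP listening port, or server default gateway.",
    "reply_not_returned_upstream": "Server replied but the reply never left the XG "
                                   "upstream: asymmetric routing or a second path.",
    "handshake_ok": "TCP handshake completed; look above layer 4 (RDP/NLA, client).",
}


def diagnose(upstream_lines: Iterable[str], server_side_lines: Iterable[str],
             server_ip: str, rdp_port: int, public_ip: Optional[str] = None) -> str:
    """Return the stage at which the handshake stops.

    public_ip is only needed when the XG itself performs the DNAT; in bridge
    mode with the Mikrotik still translating, the upstream capture already
    shows server_ip as the destination.
    """
    up = parse(upstream_lines)
    down = parse(server_side_lines)
    inbound_dsts = {server_ip} | ({public_ip} if public_ip else set())

    if not any(p.flags == "S" and p.dport == rdp_port and p.dst in inbound_dsts for p in up):
        return "no_syn_at_upstream"
    if not any(p.flags == "S" and p.dst == server_ip and p.dport == rdp_port for p in down):
        return "not_forwarded_to_server"
    if not any(p.flags == "S." and p.src == server_ip and p.sport == rdp_port for p in down):
        return "no_reply_from_server"
    if not any(p.flags == "S." and p.sport == rdp_port and p.src in inbound_dsts for p in up):
        return "reply_not_returned_upstream"
    return "handshake_ok"


# Constructed sample captures (not real traffic). 203.0.113.7 is a
# documentation-range address standing in for the remote RDP client.
_HDR = "aa:bb:cc:dd:ee:01 > aa:bb:cc:dd:ee:02, ethertype IPv4 (0x0800), length 74:"
UPSTREAM_SYN_ONLY = "\n".join([
    f"10:15:01.000001 {_HDR} 203.0.113.7.51234 > 192.168.0.150.3389: Flags [S], seq 100, win 64240, length 0",
    f"10:15:02.000001 {_HDR} 203.0.113.7.51234 > 192.168.0.150.3389: Flags [S], seq 100, win 64240, length 0",
])
SERVER_SIDE_SYN_SYNACK = "\n".join([
    f"10:15:01.000150 {_HDR} 203.0.113.7.51234 > 192.168.0.150.3389: Flags [S], seq 100, win 64240, length 0",
    f"10:15:01.000300 {_HDR} 192.168.0.150.3389 > 203.0.113.7.51234: Flags [S.], seq 500, ack 101, win 65535, length 0",
])
UPSTREAM_FULL = UPSTREAM_SYN_ONLY + "\n" + "\n".join([
    f"10:15:01.000400 {_HDR} 192.168.0.150.3389 > 203.0.113.7.51234: Flags [S.], seq 500, ack 101, win 65535, length 0",
    f"10:15:01.020000 {_HDR} 203.0.113.7.51234 > 192.168.0.150.3389: Flags [.], ack 501, win 64240, length 0",
])

if __name__ == "__main__":
    for name, up, down in [
        ("bridge mode, no allow rule", UPSTREAM_SYN_ONLY, ""),
        ("server replies, reply lost", UPSTREAM_SYN_ONLY, SERVER_SIDE_SYN_SYNACK),
        ("working", UPSTREAM_FULL, SERVER_SIDE_SYN_SYNACK),
    ]:
        stage = diagnose(up.splitlines(), down.splitlines(), "192.168.0.150", 3389)
        print(f"{name}: {stage} -> {HINTS[stage]}")
```

Redirect the text output of each tcpdump run to a file and feed the two files to diagnose(). In bridge mode, if the Mikrotik still performs the port forward, the upstream capture already shows the server's private IP as destination and the XG only needs a firewall rule permitting that flow; pass public_ip only when the XG itself does the DNAT, since the upstream capture then shows the pre-translation public address.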
  • I’ll start testing this evening. Thanks to everyone for the suggestions. However, just to reinforce: local access (via local IP) is possible. Only external access does not work.

    this way (locally) it works:
    192.168.0.150:3389 or 192.168.0.151:3390 and so on ...

    this way (externally) no longer works:
    when I use my public ip + RDP port or my DDNS + RDP port, example:
    189.38.32.1:3389 or myddns.net:3389

    I will now start a TCP Dump in my GUI and post the result.
    Once again, thank you very much for your help!

  • Of course it will, you are inside your security wall.

    Also he only has two ports.

    Ian