RDP from external network

Nigel,

Can you share the dnat you have created?

Make sure windows firewall is allowing the rdp traffic too.

Thanks

Hi Luk

The remote sites were connecting to the server via RDP with no probs until I added the xg into the equation

The server has a static IP and receives RDP traffic on port 10000

Here is the link I followed.. https://community.sophos.com/kb/en-us/122976

• Source Zones: WAN
• Allowed Client Networks: Any
• Destination Host/Network: WAN Interface    192.168.3.3
• Forward Type: Select the port, port range or port list that need to be forward from the WAN to the internal server    10000
• Protected Servers: Select or create an existing host entry for the server     Server_IP (172.16.30.10)
• Protected Zone: Select the Zone in which the host resides (LAN or DMZ)    LAN
• Change Destination Port(s): Only check this if you wish to change ports like redirecting port 80 to port 9000   Not Applicable
• Rewrite source address (Masquerading): Check    Enabled
• Optional
• Create Reflexive Rule: Check if the server will be initiating outgoing connections.

I was going to use this KB ... https://community.sophos.com/kb/en-us/123070 but non http based template no longer listed

So is the DNat Rule the closest to the non http based template

Thanks

Nigel

Hi Luk

The remote sites were connecting to the server via RDP with no probs until I added the xg into the equation

The server has a static IP and receives RDP traffic on port 10000

Here is the link I followed.. https://community.sophos.com/kb/en-us/122976

• Source Zones: WAN
• Allowed Client Networks: Any
• Destination Host/Network: WAN Interface    192.168.3.3
• Forward Type: Select the port, port range or port list that need to be forward from the WAN to the internal server    10000
• Protected Servers: Select or create an existing host entry for the server     Server_IP (172.16.30.10)
• Protected Zone: Select the Zone in which the host resides (LAN or DMZ)    LAN
• Change Destination Port(s): Only check this if you wish to change ports like redirecting port 80 to port 9000   Not Applicable
• Rewrite source address (Masquerading): Check    Enabled
• Optional
• Create Reflexive Rule: Check if the server will be initiating outgoing connections.

I was going to use this KB ... https://community.sophos.com/kb/en-us/123070 but non http based template no longer listed

So is the DNat Rule the closest to the non http based template

Thanks

Nigel

Nigel,

since your XG is behind another NAT device, make sure this one is forwarding the port 10.000 to XG WAN interface.

Regards

Hi Luk

I tested port 10000 forwarded to wan interface, no RDP access

Confirmed tonight that the traffic is not passing through the modem to the XG

No log activity

It points the modem

Even after disabling it's firewall settings still no traffic passing through

I will try a basic modem and let you know

Thanks

Nigel

Hi Nigel,

You need to forward the RDP traffic on port 3389 if the incoming port is configured as 1000 then, change the Destination Port to 3389(Default RDP port). Make sure modem forwards the incoming traffic to the firewall's interface. Take a packet capture on port 1000 and verify if the XG receives the traffic on the configured Port? Refer the KBA here to do a packet capture.

If you don't see any traffic on the configured port then you need to check the modem configurations.

Thanks

Hi Sachingurung

Thanks for your reply

Will be re-testing with your info

Nigel