Has anyone got XP remote desktop to work on a PC behing the firewall? I did everything per knowledge base article # 168179 but sitll doesn't work. Thanks
I run Microsoft's Remote Desktop Client every day. I use it to access my office PC from home, and also to access my home PC from the office. Both my home and my office has ASG 6.1 firewalls. Both firewalls has packet filter settings that allow just about all outbound traffic.
If you have set up a DNAT for port 3389 to your desktop, and a packet filter rule that reflects the same... and it still doesn't work... check the IPS rules.. you'll probably find false hits on 2 or 3 rules that specifically have to do w/ RDP.. just disable those rules. It's a pretty common problem.
Yep... easy.. just sort the list of main categories by clicking the row header for hits... then click the folder Icon to drill down and look thru the rules that have collected hits.. you're looking rules that have anything to do w/ RDP (it'll be part of the description of the rule).. just disable the offending ones.
post your applicable DNAT rule and Packet filter rule... there's a mistake there somewhere... make sure the default gateway on the subject PC is the Astaro.
Rules 1447 and 4060 in the IPS should be disabled or allowed. To find them, simply click the filters button in the top right of the rules page, and enter the string "RDP" in the substring blank.. and click Apply... it should list 4 rules total, 2 of which are RDP rules.
Rules 1447 and 4060 in the IPS should be disabled or allowed. To find them, simply click the filters button in the top right of the rules page, and enter the string "RDP" in the substring blank.. and click Apply... it should list 4 rules total, 2 of which are RDP rules.
[/ QUOTE ]
This is incorrect, as I was getting NO hits for Rule 1447 & 4060. However, I was getting a BUNCH of hits on Rule 1448 (MISC MS Terminal server request - ID 1448) which is disabled by default, which is interesting, as I was trying to MS Remote Desktop between two XP SP2 machines. The firewall on the local side was keeping thte request from going out which I also thought was strange, as I thought IPS for the most part, kept undesirable stuff from coming in.
Rules 1447 and 4060 in the IPS should be disabled or allowed. To find them, simply click the filters button in the top right of the rules page, and enter the string "RDP" in the substring blank.. and click Apply... it should list 4 rules total, 2 of which are RDP rules.
[/ QUOTE ]
This is incorrect, as I was getting NO hits for Rule 1447 & 4060. However, I was getting a BUNCH of hits on Rule 1448 (MISC MS Terminal server request - ID 1448) which is disabled by default, which is interesting, as I was trying to MS Remote Desktop between two XP SP2 machines. The firewall on the local side was keeping thte request from going out which I also thought was strange, as I thought IPS for the most part, kept undesirable stuff from coming in.
[/ QUOTE ]
I believe the rule definitions changed slightly, hence the slightly different numbers... anyhow, how did setting the rule to pass (yeah, I know it says it's disabled, I think that's one I had to set to pass regardless.. I think it's a bug) help, or have you tried that yet?
Setting this rule to allow traffic resolved all my RDP problems. I was even able to remove the RDP packet filter I had in place (actually, it never worked correctly as I always assumed it was the remote firewall blocking RDP, NOT my local firewall not letting RDP out!)
So to recap: Anyone wanting to RDP out thru ASL 6.xxx needs to change the default rule "MISC MS Terminal server request - ID 1448" to "Allow" as by default, it drops all internal attempts at RDP'ing into a remote computer.
BTW, this rule can easily be found by using the filter function and searching for "terminal server".
