RDP from Internal to DMZ not working

Hi UTM Community,

I'm trying to get standard RDP working from our internal network to a server located in our DMZ.

I can ping the server via IP/name from internal no problems.

The rules I've set are (source/protocol/destination) "Internal (network)" - "RDP" - "DMZ (network)" - Allow.
Also tried a more granular "internal PC" - "RDP" - "Server in DMZ" - Allow.
Finally "Internal (Network)" - "ANY" - "DMZ (network)" - Allow.

None of the above seems to be allowing traffic. Each time I try to connect I get:

13:00:51  Default DROP  TCP  10.150.46.3:3389 -> 10.150.0.2:59868

10.150.46.3 is the server in DMZ I'm trying to RDP to
10.150.0.2 is the workstation in INTERNAL I'm connecting from.

One thing that I’ve noticed in comparing the log with other working rules is the source and destination addresses are the opposite way around. I think this is likely my problem?

For example a rule that IS working is “Server in DMZ” (10.150.46.3) – 32001 – “Server in VS-002” (10.150.2.2) – Allow. The log shows:

12:59:49  Packet filter rule #35  TCP  10.150.46.3:60481 -> 10.150.2.2:32001

On the rule that is failing I would have thought the log should be 10.150.0.2:59868 -> 10.150.46.3:3389

So it appears I’m setting up the rule the wrong way, can anyone point me in the right direction?

Appreciate your help.

  • Thanks for your input Sibtel, I've resolved the issue.

    It was a network configuration issue on the router sitting behind the UTM. Internal traffic destined for the DMZ network was being routed directly, bypassing the UTM completely.

    For anyone that has a similar issue in the future, traceroute is your friend :)
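As an added illustration, not from any poster in this thread: a small check over the two Live Log entries quoted above, flattened to one line each (constructed input; the function names are mine). A Default DROP whose source port is the service port and whose destination port is ephemeral is the server's reply to a SYN the UTM never saw, which is exactly what the routing bypass described above produces.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two Live Log entries quoted in the thread, one per line.
SAMPLE_LOG = """\
13:00:51 Default DROP TCP 10.150.46.3:3389 -> 10.150.0.2:59868
12:59:49 Packet filter rule #35 TCP 10.150.46.3:60481 -> 10.150.2.2:32001
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<action>.+?)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Service ports named in the thread (RDP, custom 32001); anything below 1024 counts too.
SERVICE_PORTS = {3389, 32001}

def is_service_port(port: int) -> bool:
    return port < 1024 or port in SERVICE_PORTS

@dataclass
class Entry:
    time: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    def looks_like_reply(self) -> bool:
        # Source port is a service port and destination port is ephemeral: this
        # is the server's half of the conversation (e.g. its SYN-ACK).
        return is_service_port(self.sport) and not is_service_port(self.dport)

def parse(log: str) -> list:
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the flattened format are skipped
            d = m.groupdict()
            entries.append(Entry(d["time"], d["action"], d["proto"], d["src"],
                                 int(d["sport"]), d["dst"], int(d["dport"])))
    return entries

def suspect_asymmetric(entries: list) -> list:
    # A default-rule drop of a reply-shaped packet means the firewall never saw the
    # client's SYN, so it has no state: the forward path bypassed it, as here.
    return [e for e in entries
            if e.action.startswith("Default DROP") and e.looks_like_reply()]
```

Running `suspect_asymmetric(parse(SAMPLE_LOG))` flags only the 13:00:51 entry; the working rule #35 entry is client-to-server shaped and is not flagged.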
  • My environment is as follows:

    Internet  ----> Sophos UTM Software Appliance ----> Switch ----> hosts

    1) I would like to connect to a Google virtual machine using a public-facing IP address. I am able to connect when I am using my mobile internet, but with Sophos UTM it is not working.

       Please let me know what rules have to be created in order to achieve this connection.

    2) We have a server running on Azure Cloud and it has cPanel & WHM. When I try to connect to those URLs from a non-Sophos environment it works, but behind Sophos it's not working.

       Ports are 2083 & 2087 via HTTPS.

    I use the public-facing IP address to connect, like https://publicip:2083 and https://publicip:2087

    Please help, I am new to Sophos.

  • Hi and welcome to the UTM Community!

    For your first question, you probably need a masquerading rule.  See #3.1 in Rulz.

    One of the unwritten rules here is "one topic per thread" - that's to make it easier for future members to find an answer to their question without starting a new thread that's already been answered.  Please ask your second question in the Web Protection forum.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA