RDP of a Windows computer through UTM 9.3 between multiple subnets?

I have published several RDP targets through my UTMs over the years, but this particular one seems to have me stumped. So, here is my layout.

Internet --> Router (Subnet 1) --> UTM --> (Subnet 2)

Subnet 1 houses all of my general-use items (WiFi TVs, game consoles, guest wireless, Apple computers, etc.).

Subnet 2 houses my more critical items on a Windows-based network, such as my file servers, Windows computers, and home security, which is why it's further protected by the UTM. I do love me that defence-in-depth philosophy.

I have published services and such on the UTM as needed so my TVs and consoles can access my media server, file servers, etc. Everything works perfectly except for this darn RDP.

What I want to do is set up an RDP rule that will allow one particular machine on Subnet 1 to RDP into a particular unit on Subnet 2. I've created all of the network definitions, but no matter what I do or try, I simply can't get the RDP connection to establish.

I do have the SSL VPN set up and working, so when I'm away from home I can VPN into my network and RDP to the client as needed. But when I'm at home on my laptop, that obviously doesn't work. I can turn off the WiFi on my laptop, tether to my phone, and VPN in, but that's just kind of clumsy.

Any thoughts or ideas?

This thread was automatically locked due to age.

  • Hey guys, and thanks for the quick replies.
    So, it turns out I was having a brain fart. I was trying to set up my session to RDP to the IP address of the Sophos UTM instead of the final IP address of the Windows machine I was trying to get to. I followed through the logic from vilic's suggestion after reading the firewall log file, sifting out the pertinent RDP blocks.

    So, if anyone else is trying to do something similar in the future, first off, MAKE SURE YOU HAVE A PROPER ROUTE SET UP FIRST! I think that was my problem. On the MacBook Pro, I added the route to Subnet 2 with the gateway being the UTM's "external" IP address, which is on Subnet 1.
    I then remade the DNAT rule:
    Traffic selector: MBPro IP --> RDP protocol --> UTM external IP
    Destination: Subnet 2 IP address of the RDP host
    Automatic firewall rule.
    I tested successfully with the default RDP protocol port and the IP address of the RDP host, then tweaked it for the random port number I use for my RDP sessions. Everything is working great now!
    (Face palm)
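Added example, not code from the thread or from Sophos: a POSIX shell helper for the step the reply above says to get right first, the client-side static route. It checks the one precondition that makes such a route valid (the gateway must be the UTM's address on the client's own subnet, here Subnet 1), refuses a route to a network the client is already on, and emits the route command for macOS, Linux or Windows. All addresses are constructed placeholders, not the poster's; the `check_rdp` helper assumes `nc` is installed and is not exercised below.

```shell
#!/bin/sh
# Added example, not from the thread: plan the static route the reply
# describes (Subnet 2 reached via the UTM's Subnet 1 address) and check
# the precondition that makes it valid: the gateway must be on-link.
# All addresses are constructed placeholders, not the poster's real ones.

# Convert dotted-quad IPv4 to a 32-bit integer (192.168.1.20 -> 3232235796).
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer back to dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length as an integer (/24 -> 0xFFFFFF00).
mask_int() {
    [ "$1" -gt 0 ] || { echo 0; return; }
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# same_subnet A B PREFIX: succeed if A and B share the same /PREFIX network.
same_subnet() {
    m=$(mask_int "$3")
    [ $(( $(ip4_to_int "$1") & m )) -eq $(( $(ip4_to_int "$2") & m )) ]
}

# The per-platform command for "reach NET/PREFIX via GATEWAY".
route_cmd() {
    case "$1" in
        macos)   echo "sudo route -n add -net $2/$3 $4" ;;
        linux)   echo "sudo ip route add $2/$3 via $4" ;;
        windows) echo "route ADD $2 MASK $(int_to_ip "$(mask_int "$3")") $4 -p" ;;
        *)       echo "unsupported OS: $1" >&2; return 1 ;;
    esac
}

# plan_route OS CLIENT_IP CLIENT_PREFIX TARGET_NET TARGET_PREFIX GATEWAY
# Returns 1 if the gateway is not on the client's own subnet (the OS would
# reject the route or the packets would never leave the link), 2 if the
# target is already on-link so no route is needed, else prints the command.
plan_route() {
    if ! same_subnet "$2" "$6" "$3"; then
        echo "gateway $6 is not on the client's /$3 subnet; fix that first" >&2
        return 1
    fi
    if same_subnet "$2" "$4" "$3"; then
        echo "$4/$5 is already on-link from $2; no static route needed" >&2
        return 2
    fi
    route_cmd "$1" "$4" "$5" "$6"
}

# After the route is in place, a plain TCP connect to the RDP host's real
# address (not the UTM's) is the quickest check; if it still fails, the UTM
# firewall log shows the drop. Not run here: it needs a live host and nc.
check_rdp() {
    nc -z -w 3 "$1" "${2:-3389}"
}

# Constructed example values: MacBook 192.168.1.20/24 on Subnet 1, UTM
# "external" interface 192.168.1.1, Windows RDP host on 192.168.2.0/24.
plan_route macos 192.168.1.20 24 192.168.2.0 24 192.168.1.1
# -> sudo route -n add -net 192.168.2.0/24 192.168.1.1
```

The route on the client is what lets packets for Subnet 2 reach the UTM at all; the UTM-side rule then decides whether to pass them. Of the two UTM-side settings the reply mentions, restricting the traffic selector's source to the single client IP is the control worth keeping; a nonstandard RDP port only hides the listener from casual scans and is not an access control.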