Knowledgebase
How to Configure Vigor 2960 Router to only allow RDP access from one Source IP
Posted by Paul Ang on 01 August 2016 04:42 PM

In this document, we will show how to configure the Vigor2960 Firewall to permit RDP access from one IP source address.  The first step is to configure port redirection to allow RDP access to the server in the LAN and then we will configure the firewall to restrict access to specified source IP addresses from the Internet.

Note: This application note also applies to Vigor3900 router.

Configure Vigor 2960

     1. Connect to the router.

        a. Use your internet browser to log into the router web interface.

        b. The default IP address of the router is 192.168.1.1

        c. Default username and password are:

             Username: admin

             Password: admin

Configure RDP Access

     a. Go to NAT>>Port Redirection and then click (Add button).

     b. Enter Profile name and select (Enable).

     c. Enter a Public Port; this is the port number that you will use outside your network.

     d. Enter a Private IP address, which is the server local IP address.

     e. Enter a Private Port, which is the RDP Port (3389).

     f. Click Apply to save your settings.

Configure Firewall 

     a. Go to Firewall>>Filter Setup.

     b. Click Add button to create a Policy Group.

     c. Enter a Group name (Block) and select enable.

     d. Under Block Policy Group, click Add to create a rule.  Enter a Rule name (eg. Block) and then select enable.

     e. Select “Block If No Further Match” under Action.

     f. Under “Destination IP Object” click the plus sign (+) to add IP address.

     g. Enter Profile name, Address Type as “Single” and then Start IP address (local IP address of the Server).

     h. Click Apply to save your settings.

     i. Repeat step c. but enter a different Group Name (e.g. Allow).

     j. Under Allow Policy Group, click Add to create a rule. Enter a Rule name (e.g. RDP) and then select enable.

     k. Select “Allow” under Actions.

     l. Under “Source IP Object” click the plus sign (+) to add IP addresses.

     m. Enter Profile name, Address Type as “Single” and then Start IP Address (Public IP address of your Laptop).

     n. Under “Destination IP Object” tick the server IP address.

     o. Click Apply to save your settings.

     p. Under Block Policy group select the rule Block and click edit.

     q. Select “Allow” under Next Group; this will set the sequence of the firewall policy.

     r. Click Apply to save your settings.

 

Test that the firewall policy is working

     1. In your laptop use the shortcut keys from your keyboard (Windows Logo+R). It will bring up a small page from the bottom right of your screen (Run). Then type “mstsc” to open the Remote Desktop software

     2. Type the Public IP address of Vigor 2960 then click Connect to access the server remotely.

     3. You can also use a different source IP address to test if the firewall filter policy will block the connection.

 

(7 vote(s))
Helpful
Not helpful

Comments (0)