Knowledgebase: Vigor2860
Configuring Vigor Router Firewall using Objects to allow RDP Access from one Source IP Address
Posted by Paul Ang on 23 February 2017 05:16 PM

In this example, we will configure the Vigor2860 router firewall to allow RDP access to a host on the LAN from one device on the Internet. We will use Objects to allow the computer “MyPC” to use RDP to access the host “PC1”.

Step 1: Configure Port Redirection

    1. Go to NAT>>Port Redirection and select the first index.

        a. Select Enable to activate this profile.

        b. Enter a Service Name (e.g. RDP).

        c. Enter a Public Port (e.g. 514).

        d. Enter Private IP address which is PC1’s IP address (192.168.1.11).

        e. Enter Private Port as RDP Port (3389).

        f. Click OK to save your settings.

Step 2: Create Objects

    1. Create Object for “MyPC”.

        a. Go to Object Settings>>IP Object and select the first index.

        b. Enter Name as “MyPC”.

        c. Select Address Type as Single Address.

        d. Enter “MyPC” public IP address.

        e. Click OK to save your settings.

    2. Create Object for “PC1”.

        a. Select the 2nd index.

        b. Enter Name as “PC1”.

        c. Select Address Type as Single Address.

        d. Enter PC1 private IP address (192.168.1.11).

        e. Click OK to save your settings.

    3. Create Object for RDP Port.

        a. Go to Object Settings>>Service Type Object and select the first index.

        b. Name the Profile as “RDP”.

        c. Select Protocol as “TCP”.

        d. Enter Destination Port as RDP port (3389~3389).

        e. Click OK to save your settings.

Step 3: Create Firewall Filters

    1. Create a filter rule that blocks all RDP traffic to PC1 unless a later filter rule matches it.

        a. Go to Firewall>>Filter Setup, select Filter Set 2 and then Filter Rule 2.

        b. Select “Check to enable the Filter Rule”.

        c. Enter Comments (e.g. “Block_All_RDP”).

        d. Select direction from WAN to LAN/DMZ/VPN.

        e. Select “any” for Source IP.

        f. Select “PC1” object for Destination IP.

        g. Select “RDP” object for Service Type.

        h. Under Action/Profile, select “Block if no further match”.

        i. Click OK to save your settings.

    2. Create a filter rule that allows only MyPC to access PC1 remotely using RDP.

        a. Select Filter Rule 3.

        b. Select “Check to enable the Filter Rule”.

        c. Enter Comments (e.g. “Allow_RDP_MyPC”).

        d. Select direction from WAN to LAN/DMZ/VPN.

        e. Select “MyPC” object for Source IP.

        f. Select “PC1” object for Destination IP.

        g. Select “RDP” object for Service Type.

        h. Under Action/Profile, select “Pass Immediately”.

        i. Click OK to save your settings.
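
The two rules above depend on evaluation order: Filter Rule 2 only blocks if no later rule matches, so Filter Rule 3 can still pass MyPC. The following added example (not DrayTek code and not part of the original article) is a simplified model of that behaviour; it assumes the filter sees the packet after port redirection (destination 192.168.1.11:3389), that unmatched traffic follows a default policy, and it uses a constructed placeholder address for MyPC.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ANY = None              # wildcard, like "any" in the Source IP field
PC1 = "192.168.1.11"    # from the article
MYPC = "203.0.113.10"   # constructed placeholder for MyPC's public IP

@dataclass
class Rule:
    comment: str
    src: Optional[str]  # source IP object, or ANY
    dst: str            # destination IP object
    proto: str
    dport: int
    action: str         # Action/Profile choice

    def matches(self, src, dst, proto, dport):
        return ((self.src is ANY or ip_address(self.src) == ip_address(src))
                and ip_address(self.dst) == ip_address(dst)
                and (self.proto, self.dport) == (proto, dport))

def evaluate(rules, src, dst, proto, dport, default="pass"):
    """Simplified model: return 'pass' or 'block' for one WAN -> LAN packet."""
    pending = default   # assumption: unmatched traffic follows a default policy
    for rule in rules:
        if not rule.matches(src, dst, proto, dport):
            continue
        action = rule.action.lower()
        verdict = "block" if action.startswith("block") else "pass"
        if action.endswith("immediately"):
            return verdict          # stop checking later rules
        pending = verdict           # "... if no further match": keep checking
    return pending

RULES = [  # Filter Set 2, rules 2 and 3 from Step 3
    Rule("Block_All_RDP", ANY, PC1, "TCP", 3389, "Block if no further match"),
    Rule("Allow_RDP_MyPC", MYPC, PC1, "TCP", 3389, "Pass Immediately"),
]
# Misconfiguration for comparison: an immediate block shadows the allow rule.
SHADOWED = [Rule("Block_All_RDP", ANY, PC1, "TCP", 3389, "Block Immediately"),
            RULES[1]]

def rdp_verdict(src, rules=RULES):
    return evaluate(rules, src, PC1, "TCP", 3389)

if __name__ == "__main__":
    for src in (MYPC, "198.51.100.77"):     # second address is constructed
        print(f"{src:15} correct={rdp_verdict(src)} "
              f"shadowed={rdp_verdict(src, SHADOWED)}")
```

With the rules as configured in Step 3, only MyPC passes; with the shadowed variant, MyPC is blocked as well, which is the symptom to look for if the allowed host cannot connect during testing.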

Step 4: Testing

    a. Use Windows Run to launch the Remote Desktop application.

        i. Enter the public IP address and port number of PC1.

        ii. Use a different computer to test the firewall policies.

    b. Repeat steps 1 and 2.

 
