Problems getting Remote Desktop to work with a trusted and optional network, Watchguard Firebox X Edge

I have a Small Business Server 2003 Standard R2 with 2 NICs.  The Internet goes through the WatchGuard Firebox X Edge with the IP of 10.10.2.2 to the network card with the IP of 10.10.2.1.  The server's local area network is 10.10.1.1.

I have opened up several ports on the firewall.  Standard stuff like RDP, SMTP, etc.  I am unable to terminal service into the server (or use any other ports).  When I type the IP address into Internet Explorer, it opens up the WatchGuard remote website, which leads me to believe that the Firebox is forwarding traffic to my trusted network and not the optional network.

When I set up the incoming firewall settings, I opened up port 3389 and forwarded it to 10.10.1.1. I believe because 10.10.1.1 is on the optional network, it is not working and there is some setting I need help on.

Anyone have any ideas?
Lawot Asked:

suppsaws Commented:
Hello Lawot,

If you are working with RWW: https://FQDN/remote you need to forward port 4125 to your SBS server, no need to open port 3389


Regards,

suppsaws
0
Lawot (Author) Commented:
I understand that, and I have forwarded all ports to my SBS.  https://FQDN/remote will forward me to the WatchGuard box.  Again I believe this is an issue with everything being forwarded to my optional network and not my trusted one.
0
suppsaws Commented:
I always install Edges onto my clients' networks, but I'm using only one NIC.
If you have two NICs, please use the following guide:
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
(skip the ISA part)
Just make sure you configure a firewall rule which forwards port 4125 to the SBS internal NIC: 192.168.16.2 by default.
An ipconfig /all of the server and maybe one workstation would be interesting.
0
Lawot (Author) Commented:
My local NIC is 10.10.1.1.  I am forwarding everything to this NIC.
0
suppsaws Commented:
ipconfig /all of server would be interesting to see your setup, and maybe WatchGuard setup too.
Can't tell anything out of one IP.
0
Lawot (Author) Commented:
Here are the results of the ipconfig /all:
ip.JPG
0
suppsaws Commented:
Did you also forward port 443 to the SBS?
0
dpk_wal Commented:
Sorry to sound like this but I am confused on your network setup, if I understand correctly the setup you have is (A):

                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                                                        10.10.1.1

The server is acting as a router. If this is the case then things should work; you would need to configure options on the server to forward packets to the LAN and back.

OR is it (B):

                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                     |----------------------------|
                      10.10.1.1 - Optional network

If it is B, then it would not work; there are many instances of multi-homed machines behind WG not being able to work properly. Can I ask you, if you are having B as setup, what is the need of having two NICs on the server; what if you use just one NIC?

Please advise.

Thank you.
0
Lawot (Author) Commented:
Everything is forwarded to the SBS Server.  Everything.

dpk_wal,

I am pretty sure I am using option A:

                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                                                        10.10.1.1

Internet NIC is 10.10.2.1, WatchGuard 10.10.2.2 and Server is 10.10.1.1.

This is standard setup in a small business environment.  I need the 2 NICs to enable Windows Firewall; going to one NIC is not an option.

How would I configure options on the server to forward packets to the LAN and back?
0
dpk_wal Commented:
As your Server is acting as a router, add a route in WG as below:
In Configuration Page, go to Network > Routes; Add:
Network; 10.10.1.0/24; gateway 10.10.2.1

Now from WG you should be able to ping the machines on 10.10.1.x network and from the machines on 10.10.1.x you should be able to ping 10.10.2.2.

If above is true, then the rule you created to forward traffic to 10.10.1.1 would work; also you can create rule to allow incoming traffic to any of the machines on the 10.10.1.x network.

Thank you.
0
Lawot (Author) Commented:
I added the route as you described.  But it is still forwarding to the firewall.  Any ideas?
0
dpk_wal Commented:
After you added the route, were you able to ping the internal IP address of the firewall from the machines on the 10.10.1.x network? If no, then the firewall would not be able to route traffic to the hosts.

Please note you should first have connectivity between the machines on the 10.10.1.x network and the firewall; the machines should also be able to connect to the internet through the firewall and should have the default gateway as the internal IP address of the firewall.

Further, please note you should be able to ping 10.10.1.1 and 10.10.2.1 from all the machines on the 10.10.1.x network; if no, then you need to check your settings on the Windows machine that it is acting as a router.

Thank you.
0
Lawot (Author) Commented:
Okay, I got it to work.  I needed to forward everything to 10.10.2.1.  I had everything forwarded to 10.10.1.1 and that did not work.
0
dpk_wal Commented:
Good to know that the problem is resolved.
0
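
An added example, not part of the original thread and not WatchGuard's own logic: a small model of the check the thread works through by hand, asking for each port-forward target whether the firewall has it on a directly connected subnet, reaches it through a static route, or has no internal path to it. The addresses, the route and the ports are from the thread; the /24 mask on the Edge's trusted interface, the function names and the sample rule list are assumptions made for the illustration.

```python
import ipaddress

# Addresses come from the thread. The /24 mask on the Edge's trusted
# interface is an assumption (the thread only says "10.10.2.x").
EDGE_INTERFACES = {"trusted": ipaddress.ip_interface("10.10.2.2/24")}
ROUTE_FROM_THREAD = [("10.10.1.0/24", "10.10.2.1")]
# Constructed sample rules using ports named in the thread.
SAMPLE_FORWARDS = [(3389, "10.10.1.1"), (4125, "10.10.1.1"), (443, "10.10.2.1")]


def resolve_path(target, interfaces, static_routes):
    """Describe how the firewall would reach a forward target.

    Returns (kind, detail) where kind is 'connected', 'routed',
    'invalid-gateway' or 'no-path'.
    """
    addr = ipaddress.ip_address(target)
    for name, iface in interfaces.items():
        if addr in iface.network:
            return ("connected", name)
    best = None  # longest-prefix match over the static routes
    for net, gateway in static_routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, ipaddress.ip_address(gateway))
    if best is None:
        return ("no-path", None)
    gateway = best[1]
    # A next hop is only usable if it sits on a directly connected subnet.
    if not any(gateway in iface.network for iface in interfaces.values()):
        return ("invalid-gateway", str(gateway))
    return ("routed", str(gateway))


def audit_forwards(forwards, interfaces, static_routes):
    """Map each (port, target) forward rule to its resolved path."""
    return {(port, target): resolve_path(target, interfaces, static_routes)
            for port, target in forwards}


if __name__ == "__main__":
    for label, routes in (("no static route", []), ("with route", ROUTE_FROM_THREAD)):
        print(label)
        for rule, path in audit_forwards(SAMPLE_FORWARDS, EDGE_INTERFACES, routes).items():
            print("  ", rule, "->", path)
```

A "routed" result only says the firewall has a next hop; the server at 10.10.2.1 still has to pass traffic between its two NICs, which is what the ping tests in the thread verify.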