Problems getting Remote Desktop to work with a trusted and optional network, Watchguard Firebox X Edge

I have a Small Business Server 2003 Standard R2 with 2 NICs.  The Internet goes through the WatchGuard Firebox X Edge with the IP of 10.10.2.2 to the network card with the IP of 10.10.2.1.  The server's local area network is 10.10.1.1.

I have opened up several ports on the firewall.  Standard stuff like RDP, SMTP, etc.  I am unable to terminal service into the server (or use any other ports).  When I type the IP address into Internet Explorer, it opens up the WatchGuard remote website, which leads me to believe that the Firebox is forwarding traffic to my trusted network and not the optional network.

When I set up the incoming firewall settings, I opened up port 3389 and forwarded it to 10.10.1.1. I believe because 10.10.1.1 is on the optional network, it is not working and there is some setting I need help on.

Anyone have any ideas?
Lawot Asked:
 
Lawot (Author) Commented:
Okay, I got it to work.  I needed to forward everything to 10.10.2.1.  I had everything forwarded to 10.10.1.1 and that did not work.
0
 
suppsaws Commented:
Hello Lawot,

If you are working with RWW: https://FQDN/remote you need to forward port 4125 to your SBS server, no need to open port 3389


Regards,

suppsaws
0
 
Lawot (Author) Commented:
I understand that, and I have forwarded all ports to my SBS.  https://FQDN/remote will forward me to the WatchGuard box.  Again, I believe this is an issue with everything being forwarded to my optional network and not my trusted one.
0
 
suppsaws Commented:
I always install Edges onto my clients' networks, but I'm using only one NIC.
If you have two NICs, please use the following guide:
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
(skip the ISA part)
Just make sure you configure a firewall rule which forwards port 4125 to the SBS internal NIC: 192.168.16.2 by default.
An ipconfig /all of the server and maybe one workstation would be interesting.
0
 
Lawot (Author) Commented:
My local NIC is 10.10.1.1.  I am forwarding everything to this NIC.
0
 
suppsaws Commented:
An ipconfig /all of the server would be interesting to see your setup, and maybe the WatchGuard setup too.
Can't tell anything out of one IP.
0
 
Lawot (Author) Commented:
Here are the results of the ipconfig /all
ip.JPG
0
 
suppsaws Commented:
Did you also forward port 443 to the SBS?
0
 
dpk_wal Commented:
Sorry to sound like this, but I am confused about your network setup. If I understand correctly, the setup you have is (A):
                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                                                        10.10.1.1
The server is acting as a router. If this is the case then things should work; you would need to configure options on the server to forward packets to the LAN and back.

OR is it (B):

                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                      |--------------------------|
                      10.10.1.1 - Optional network

If it is B; then it would not work; there are many instances about multi-homed machine behind WG not being able to work properly. Can I ask you if you are having B as setup what is the need of having two NICs on the server; what if you use just one NIC.

Please advise.

Thank you.
0
 
Lawot (Author) Commented:
Everything is forwarded to the SBS Server.  Everything.


dpk_wal,

I am pretty sure I am using option A

                      10.10.2.x - Trusted network
    Internet ----- X Edge---------------------Server-----------------LAN
                                                        10.10.1.1
Internet NIC is 10.10.2.1, WatchGuard 10.10.2.2 and Server is 10.10.1.1

This is standard setup in a small business environment.  I need the 2 NICs to enable Windows Firewall; going to one NIC is not an option.


How would I configure options on the server to forward packets to the LAN and back?


0
 
dpk_wal Commented:
As your Server is acting as a router, add a route in WG as below:
In Configuration Page, go to Network > Routes; Add:
Network; 10.10.1.0/24; gateway 10.10.2.1

Now from WG you should be able to ping the machines on 10.10.1.x network and from the machines on 10.10.1.x you should be able to ping 10.10.2.2.

If above is true, then the rule you created to forward traffic to 10.10.1.1 would work; also you can create rule to allow incoming traffic to any of the machines on the 10.10.1.x network.

Thank you.
0
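
An added example, not part of any post in this thread: a small Python model of the reachability question behind the route advice above, checking whether the firewall has an internal path to each port-forward target. The /24 masks, the dictionary layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's addressing; /24 masks are an assumption.
CONNECTED = {"trusted": "10.10.2.0/24"}                # Firebox trusted side (10.10.2.2)
ROUTE_FROM_THREAD = [("10.10.1.0/24", "10.10.2.1")]    # static route suggested in the thread
FORWARDS = [(3389, "10.10.1.1"), (3389, "10.10.2.1")]  # two forward targets discussed


def next_hop(target, connected, static_routes):
    """Return (kind, detail): how the firewall can deliver traffic to target."""
    dst = ipaddress.ip_address(target)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in connected.items()}
    for name, net in nets.items():
        if dst in net:
            return ("connected", name)
    best = None
    for cidr, gateway in static_routes:
        net = ipaddress.ip_network(cidr)
        gw = ipaddress.ip_address(gateway)
        # A static route is only usable if its gateway sits on a connected subnet.
        if dst in net and any(gw in n for n in nets.values()):
            # Longest-prefix match: prefer the most specific usable route.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gateway)
    if best:
        # "routed" only means the firewall has a next hop; the gateway host
        # must itself forward packets between its NICs for delivery to work.
        return ("routed", best[1])
    return ("no_internal_path", None)


def check_forwards(forwards, connected, static_routes):
    """Evaluate every (port, target) forward against the firewall's view."""
    return {fwd: next_hop(fwd[1], connected, static_routes) for fwd in forwards}


if __name__ == "__main__":
    for label, routes in (("no static route", []), ("with route", ROUTE_FROM_THREAD)):
        print(label)
        for (port, tgt), result in check_forwards(FORWARDS, CONNECTED, routes).items():
            print(f"  tcp/{port} -> {tgt}: {result}")
```
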
 
Lawot (Author) Commented:
I added the route as you described.  But it is still forwarding to the firewall.  Any ideas?
0
 
dpk_wal Commented:
After you added the route, were you able to ping the internal IP address of the firewall from the machines on the 10.10.1.x network? If not, then the firewall would not be able to route traffic to the hosts.

Please note: first have the connectivity between the machines on the 10.10.1.x network and the firewall; the machines should also be able to connect to the Internet through the firewall and should have the default gateway set as the internal IP address of the firewall.

Further, please note you should be able to ping 10.10.1.1 and 10.10.2.1 from all the machines on the 10.10.1.x network; if not, then you need to check the settings on the Windows machine to confirm that it is acting as a router.

Thank you.
0
 
dpk_wal Commented:
Good to know that the problem is resolved.
0