Solved

Sonicwall TZ170 won't pass through for Remote Desktop

Posted on 2009-02-17
Last Modified: 2012-06-27
I have a Sonicwall TZ170 hooked to a remote network. I have configured it to pass port 3389 from WAN to LAN/[designated inside IPs] and from LAN[designated IPs] to WAN. I can ping the firewall, which sits on a public address. The Sonicwall GVPN client connects just fine. But from there I cannot Remote Desktop to any systems (their firewalls are off, there is no local IP filtering, and RD is enabled). For that matter, with the GVPN client connected I cannot ping any inside addresses by number or name (NetBIOS pass-through is enabled). Otherwise the firewall seems to work fine. I have been all over Microsoft and Sonic's websites looking for the answer, but can't find it, so I thought I'd see what the experts think. Is there a complementary protocol required? Both TCP and UDP are allowed on 3389. I could sure use some suggestions. Thank you.
Question by:214-042308
7 Comments
 
LVL 17

Expert Comment

by:ccomley
ID: 23660195
You do NOT need to create ANY firewall rules for a GVPN client to access resources on the LAN (unless you have turned on the non-standard checkbox which forces VPN traffic to be filtered through the access ruleset). By default the action of the GVPN client is to attach you as if you were on the local network. It does this in part by giving you an IP address on the local network which it must derive either from its own DHCP or by DHCP relay from your main DHCP server - and this is the bit that most folk don't have configured correctly.

Once your GVPN is working, you SHOULD be able to get a PING back from any device on the LAN which is responding to ping (don't assume the firewall will!). So fix that first.

THEN I THINK you'll find that RD just works. Does for me. :-)

0
 
LVL 1

Author Comment

by:214-042308
ID: 23664807
Nope - that's not it. I do have DHCP turned on at the firewall and it is handing out addresses to local systems just fine. If I fire up the Global VPN client it connects just fine but I still cannot use remote desktop. The "Group VPN" is enabled. My account validates and connects. But from there - nothing. No pinging inside address, no remote desktop, not even telnet.

Supposedly there are only three steps to make this work:
1. Install Global VPN Client and configure with local user account info under firewall's VPN settings.
2. Define access rule to allow TCP and UDP to pass through firewall on port 3389.
3. Load GVPN, validate, and fire up Remote Desktop.

But, alas, this is not the case. Still floundering looking for the answer.
0
 
LVL 17

Accepted Solution

by:
ccomley earned 1500 total points
ID: 23668411
OK one step at a time.

You enabled the Group VPN profile?
You exported the settings from that to the GVPN client config?
Once you connect, what IP address does the remote session have?
Can you PING any "local" resource from the connected GVPN client?

When you set up the GVPN client, does the status window show that the connection to the host network has been established?

On the host sonicwall, in section "VPN" subsection "DHCP over VPN" what is the config?


0

 
LVL 17

Expert Comment

by:ccomley
ID: 23668420
Oh - is your Sonicwall on Standard or Enhanced OS? It makes a difference to the rules! (The good news is Standard is being phased out, so the difference will go away in another few months.)

0
 
LVL 1

Author Comment

by:214-042308
ID: 23671957
I'll check all these things and get back to the question. Appreciate you staying with it.
0
 
LVL 1

Author Comment

by:214-042308
ID: 23675137
Ok ccomley - you earned your points! After trying everything I could think of, I re-read your post #4 - while it was not dead-on, it did lead me in the right direction. After attempting a 3rd time to import the .RCF file, it somehow got it right. Then I set the firewall to turn off NAT and Firewall rules for VPN users only and voila! Works like a charm. Kudos.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 23679528
Glad you got there!
0


Question has a verified solution.
