Sonicwall TZ170 won't pass through for Remote Desktop

214-042308 asked
Medium Priority
Last Modified: 2012-06-27
I have a Sonicwall TZ170 hooked to a remote network. I have configured it to pass port 3389 from WAN to LAN/[designated inside IPs] and from LAN[designated IPs] to WAN. I can ping the firewall, which sits on a public address. The Sonicwall GVPN client connects just fine. But from there I cannot Remote Desktop to any systems (their firewalls are off, there is no local IP filtering, and RD is enabled). For that matter, with the GVPN client connected I cannot ping any inside addresses by number or name (NetBIOS pass-through is enabled). Otherwise the firewall seems to work fine. I have been all over Microsoft and Sonic's websites looking for the answer, but can't find it, so I thought I'd see what the experts think. Is there a complementary protocol required? Both TCP and UDP are allowed on 3389. I could sure use some suggestions. Thank you.


You do NOT need to create ANY firewall rules for a GVPN client to access resources on the LAN (unless you have turned on the non-standard checkbox which forces VPN traffic to be filtered through the access ruleset). By default the action of the GVPN client is to attach you as if you were on the local network. It does this in part by giving you an IP address on the local network which it must derive either from its own DHCP or by DHCP relay from your main DHCP server - and this is the bit that most folk don't have configured correctly.

Once your GVPN is working, you SHOULD be able to get a PING back from any device on the LAN which is responding to ping (don't assume the firewall will!). So fix that first.

THEN I THINK you'll find that RD just works. Does for me. :-)


Nope - that's not it. I do have DHCP turned on at the firewall and it is handing out addresses to local systems just fine. If I fire up the Global VPN client it connects just fine but I still cannot use remote desktop. The "Group VPN" is enabled. My account validates and connects. But from there - nothing. No pinging inside address, no remote desktop, not even telnet.

Supposedly there are only three steps to make this work:
1. Install Global VPN Client and configure with local user account info under firewall's VPN settings.
2. Define access rule to allow TCP and UDP to pass through firewall on port 3389.
3. Load GVPN, validate, and fire up Remote Desktop.

But, alas, this is not the case. Still floundering looking for the answer.

OK one step at a time.

You enabled the Group VPN profile?
You exported the settings from that to the GVPN client config?
Once you connect, what IP address does the remote session have?
Can you PING any "local" resource from the connected GVPN client?

When you set up the GVPN client, does the status window show that the connection to the host network has been established?

On the host sonicwall, in section "VPN" subsection "DHCP over VPN" what is the config?

Oh - is your Sonicwall on Standard or Enhanced OS? It makes a difference to the rules! (The good news is Standard is being phased out, so the difference will go away in another few months.)


I'll check all these things and get back to the question. Appreciate you staying with it.


Ok ccomley - you earned your points! After trying everything I could think of, I re-read your post #4 - while it was not dead-on, it did lead me in the right direction. After attempting a 3rd time to import the .RCF file, it somehow got it right. Then I set the firewall to turn off NAT and Firewall rules for VPN users only and voila! Works like a charm. Kudos.

Glad you got there!