214-042308

Sonicwall TZ170 won't pass through for Remote Desktop

I have a Sonicwall TZ170 hooked to a remote network. I have configured it to pass port 3389 from WAN to LAN/[designated inside IPs] and from LAN[designated IPs] to WAN. I can ping the firewall, which sits on a public address. The Sonicwall GVPN client connects just fine. But from there I cannot Remote Desktop to any systems (their firewalls are off, there is no local IP filtering, and RD is enabled). For that matter, with the GVPN client connected I cannot ping any inside addresses by number or name (NetBIOS pass-through is enabled). Otherwise the firewall seems to work fine. I have been all over Microsoft and Sonic's websites looking for the answer, but can't find it, so I thought I'd see what the experts think. Is there a complementary protocol required? Both TCP and UDP are allowed on 3389. I could sure use some suggestions. Thank you.
ccomley

You do NOT need to create ANY firewall rules for a GVPN client to access resources on the LAN (unless you have turned on the non-standard checkbox which forces VPN traffic to be filtered through the access ruleset). By default the action of the GVPN client is to attach you as if you were on the local network. It does this in part by giving you an IP address on the local network which it must derive either from its own DHCP or by DHCP relay from your main DHCP server - and this is the bit that most folk don't have configured correctly.

Once your GVPN is working, you SHOULD be able to get a PING back from any device on the LAN which is responding to ping (don't assume the firewall will!). So fix that first.

THEN I THINK you'll find that RD just works. Does for me. :-)

214-042308

ASKER

Nope - that's not it. I do have DHCP turned on at the firewall and it is handing out addresses to local systems just fine. If I fire up the Global VPN client it connects just fine but I still cannot use remote desktop. The "Group VPN" is enabled. My account validates and connects. But from there - nothing. No pinging inside address, no remote desktop, not even telnet.

Supposedly there are only three steps to make this work:
1. Install Global VPN Client and configure with local user account info under firewall's VPN settings.
2. Define access rule to allow TCP and UDP to pass through firewall on port 3389.
3. Load GVPN, validate, and fire up Remote Desktop.

But, alas, this is not the case. Still floundering looking for the answer.
ASKER CERTIFIED SOLUTION
ccomley
This solution is only available to members.
Oh - is your Sonicwall on Standard or Enhanced OS? It makes a difference to the rules! (The good news is Standard is being phased out, so the difference will go away in another few months.)

I'll check all these things and get back to the question. Appreciate you staying with it.

Ok ccomley - you earned your points! After trying everything I could think of, I re-read your post #4 - while it was not dead-on, it did lead me in the right direction. After attempting a 3rd time to import the .RCF file, it somehow got it right. Then I set the firewall to turn off NAT and Firewall rules for VPN users only and voila! Works like a charm. Kudos.

Glad you got there!