alex-2010

Blocking Microsoft remote desktop connection via Juniper firewall

We have a Windows web server running IIS behind a Juniper firewall. We would like to block admins from using Microsoft Remote Desktop Connection to this server from outside. Is it possible to do the blocking with the Juniper firewall? We only permit admins to use remote desktop from inside the company, not from outside.
Thanks
ASKER CERTIFIED SOLUTION
microworx

sibisteanu

Go to Policy - Check the rules From Untrust to Trust for Service RDP (3389). If you find one, disable it.

You also have the possibility to create a deny rule:
1. Define the service RDP if it is not yet created:
Go to Policy - Policy Elements - Services - Custom
Create a new service:
RDP      TCP src port: 1024-65535, dst port: 3389-3389

2. In the Policy select From: Untrust - To: Trust and click: New
Source Address – ANY
Destination Address – IP of the server
Service: RDP
Action: Deny
alex-2010

ASKER

If I block 3389, admins can use Microsoft Remote Desktop Connection via HTTP, can't they?

If you make a rule for the outside area, this will not affect internal connections. Do not block RDP from the inside LAN.
Juniper works with the “zone”, not the “interface”. Block the traffic for the zone with the interface connected to the internet. Permit the traffic for the zone with the interface connected to the local LAN.
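
As an added example (not part of the original thread and not Juniper code), this simplified Python model of zone-pair, first-match policy lookup shows why the Untrust-to-Trust deny rule described above leaves inside RDP untouched, and why it has to sit above any broader permit to the server. The server address, the broad permit rule and the assumption that inside admins sit in the Trust zone are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    dst: str           # destination address, or "ANY"
    dst_ports: range   # destination TCP ports covered by the service
    action: str        # "permit" or "deny"

def evaluate(policies, from_zone, to_zone, dst, dst_port):
    """Return the action of the first policy that matches, top to bottom."""
    for p in policies:
        if (p.from_zone, p.to_zone) != (from_zone, to_zone):
            continue   # policy belongs to a different zone pair
        if p.dst not in ("ANY", dst):
            continue   # policy is for another destination address
        if dst_port in p.dst_ports:
            return p.action
    return "no-match"  # the device's default behaviour applies; not modelled

SERVER = "192.0.2.10"    # constructed address (documentation range)
RDP = range(3389, 3390)  # dst port 3389-3389, as in the custom service above

# The deny rule from the steps above: Untrust -> Trust, server, RDP, Deny.
DENY_RDP = Policy("Untrust", "Trust", SERVER, RDP, "deny")
# Constructed pre-existing rule: a broad permit to the server from outside.
PERMIT_ALL = Policy("Untrust", "Trust", SERVER, range(1, 65536), "permit")

def outcomes(policies):
    """Actions for outside RDP, outside HTTP and inside RDP against a rule list."""
    return {
        "outside_rdp": evaluate(policies, "Untrust", "Trust", SERVER, 3389),
        "outside_http": evaluate(policies, "Untrust", "Trust", SERVER, 80),
        # Assumption: inside admins are in the Trust zone.
        "inside_rdp": evaluate(policies, "Trust", "Trust", SERVER, 3389),
    }

if __name__ == "__main__":
    print("deny below permit:", outcomes([PERMIT_ALL, DENY_RDP]))
    print("deny above permit:", outcomes([DENY_RDP, PERMIT_ALL]))
```
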
DIPRAJ
You can do one thing: create a host for the preferred IP and make a dedicated rule for the same. If possible, allow all ports except NetBIOS.