Solved

Zywall USG 200

Posted on 2010-11-30
5
2,232 Views
Last Modified: 2012-05-10
I can't make my own service run.

If I take a default service, SMTP, I can port forward it and send and receive mail on my Exchange. But if I try to set up a service for RDP, port 3389, it won't work. What is the problem?

I set up NAT and FIREWALL.

Question by:itoffice
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34246064
Can you show the relevant rules?

The NAT rules need a WAN -> LAN or WAN -> DMZ rule, depending on where the RDP server is (LAN or DMZ).
0
 
LVL 17

Expert Comment

by:ccomley
ID: 34246147
This should work fine, I've done it many times, all sorts of "user defined" services.

Does the firewall log show anything when you attempt access?

Otherwise, as Noci says, pls show us the NAT and Firewall rules you've created.

0
 

Author Comment

by:itoffice
ID: 34345698
Hi,

I have added a doc with the NAT and Firewall rules... What is the problem? NAT.docx
0
 
LVL 40

Expert Comment

by:noci
ID: 34346753
Looks good to me.

The default gateway of the RDP server does point back to the firewall?
As a debugging aid you can enable logging on the rule to see if it is hit.

Also on the system (HyverV_server) run Wireshark with a filter on port 3389 and see if traffic comes in and if traffic goes out again....

As a side note:
Also if you have an address object (HyverV_server) that can also be used in the NAT rule...
Meaning that the NAT port forward & the firewall will always change in unison.
Just update the address object & done.
0
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 34358980
Those rules look OK - but check the rest of the firewall rules to make sure you don't have a higher rule blocking that port.

Try turning on LOGGING for that rule and see what is logged when you attempt the connection.

Or as noci says try putting Wireshark on a test target. But if you don't want to put Wireshark and its promiscuous driver on your main server, put it on a test machine and, for the duration of the test, either put the test machine on 1.100 or change the NAT and FW rule to the IP address of the test machine.

UNLESS you have a managed switch and can set up port mirroring so you can have a Wireshark-equipped machine monitor the traffic to the USG or to the target server.

0
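The checks suggested in the comments above (does traffic arrive on port 3389, does a reply go out again, does the default gateway point back to the firewall) can be read off a capture taken on the RDP server. The following is an added example, not part of the original thread: it classifies each connection attempt from captured TCP flags, and the server address 192.168.1.100, the client address and the packet tuples are constructed assumptions.

```python
# Added example: interpret a packet capture taken ON the RDP server.
# Each packet is (src_ip, src_port, dst_ip, dst_port, tcp_flags); flags use
# tcpdump-style letters: S=SYN, A=ACK, R=RST, P=PSH. All sample data is constructed.
RDP_PORT = 3389

VERDICTS = {
    "NO_INBOUND": "no SYN reached the server: check NAT rule, rule order and rule log on the firewall",
    "NO_REPLY": "SYN arrived but the server sent nothing: check host firewall / RDP listener",
    "REFUSED": "server answered with RST: nothing is listening on the port",
    "REPLY_LOST": "SYN-ACK left but no ACK came back: check the server's default gateway",
    "OK": "handshake completed: the port forward works",
}

def diagnose(packets, server_ip, port=RDP_PORT):
    """Return {"client_ip:port": verdict_code} for every attempt seen in the capture."""
    stages = {}  # client -> set of handshake stages observed so far
    for src, sport, dst, dport, flags in packets:
        if dst == server_ip and dport == port:        # inbound to the RDP service
            seen = stages.setdefault(f"{src}:{sport}", set())
            if flags == "S":
                seen.add("syn_in")
            elif "A" in flags and "synack_out" in seen:
                seen.add("ack_in")                    # client completed the handshake
        elif src == server_ip and sport == port:      # outbound from the RDP service
            seen = stages.setdefault(f"{dst}:{dport}", set())
            if "R" in flags:
                seen.add("rst_out")
            elif flags == "SA":
                seen.add("synack_out")
    if not stages:
        return {"*": "NO_INBOUND"}
    return {c: ("OK" if "ack_in" in s else "REPLY_LOST" if "synack_out" in s
                else "REFUSED" if "rst_out" in s else "NO_REPLY")
            for c, s in stages.items()}

SERVER = "192.168.1.100"  # assumed address of the RDP server
CAPTURE = [  # constructed sample: the server answers, but the answer never gets back
    ("203.0.113.7", 50112, SERVER, 3389, "S"),
    (SERVER, 3389, "203.0.113.7", 50112, "SA"),
    (SERVER, 3389, "203.0.113.7", 50112, "SA"),  # retransmitted, never acknowledged
]

if __name__ == "__main__":
    for client, code in diagnose(CAPTURE, SERVER).items():
        print(client, code, "-", VERDICTS[code])
```

A `NO_INBOUND` result points back at the firewall side (NAT rule, a higher blocking rule, rule logging), while `REPLY_LOST` points at the server's return path.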


Question has a verified solution.
