Solved

Zywall USG 200

Posted on 2010-11-30
5
2,238 Views
Last Modified: 2012-05-10
I cant make my own service to run.

if i take a service by default SMTP i can port forward it and send and receive mail on my exchange. but if i try to setup a service RDP port 3389 i wont work? what it the problem?

i setup  NAT  and FIREWALL

0
Comment
Question by:itoffice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34246064
Can you show the relevant rules?

The NAT rules needs a WAN -> LAN or WAN-> DMZ rule depending on where the RDP server is. (LAN or DMZ)
0
 
LVL 17

Expert Comment

by:ccomley
ID: 34246147
This should work fine, I've done it many times, all sorts of "user defined" services.

Does the firewall log show anything when you attempt access?

Otherwise, as Noci says, pls show us the NAT and Firewall rules you've created.

0
 

Author Comment

by:itoffice
ID: 34345698
Hi,

Have have added a doc with the rules NAT and Firewall.... what is the problem? NAT.docx
0
 
LVL 40

Expert Comment

by:noci
ID: 34346753
Looks good to me.

The default gateway of the RDP server does point back to the firewall?
As debugging aid you can enable logging on the rule to see if it is hit.

Also on the system (HyverV_server) run wireshark with a filter on port 3389 and see if traffic comes in and if traffic goes out again....

As a side note:
Also if you have an address object (HyverV_server) that can also be used in the NAT rule...
Meaning that the NAT port forward & the firewall will allways change in unison.
Just update the address object & done.
0
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 34358980
Those rules look OK - but check the rest of the firewall rules to make sure you don't have a higher rule blocking that port.

Try turning on LOGGING for that rule and see what is logged when you attempt the connection.

Or as noci says try putting wireshark on a test target. But if you don't want to put Wireshark and it's promiscuous driver on your main server, put it on a test machine and, for the duration of the test, either put the test machine on 1.100 or change the NAT and FW rule to the ip address of the test machine.

UNLESS you have a managed switch and can set up port mirroring so you can have a Wireshark equipped machine monitor the traffic to the USG or to the target server.

0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question