Solved

Zywall USG 200

Posted on 2010-11-30
Last Modified: 2012-05-10
I can't make my own service run.

If I take a default service such as SMTP, I can port forward it and send and receive mail on my Exchange. But if I try to set up a service for RDP on port 3389, it won't work. What is the problem?

I set up NAT and FIREWALL.

Question by:itoffice
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34246064
Can you show the relevant rules?

The NAT rule needs a WAN -> LAN or WAN -> DMZ rule, depending on where the RDP server is (LAN or DMZ).
0
 
LVL 17

Expert Comment

by:ccomley
ID: 34246147
This should work fine, I've done it many times, all sorts of "user defined" services.

Does the firewall log show anything when you attempt access?

Otherwise, as noci says, please show us the NAT and Firewall rules you've created.

0
 

Author Comment

by:itoffice
ID: 34345698
Hi,

I have added a doc with the NAT and Firewall rules. What is the problem? NAT.docx
0
 
LVL 40

Expert Comment

by:noci
ID: 34346753
Looks good to me.

Does the default gateway of the RDP server point back to the firewall?
As a debugging aid, you can enable logging on the rule to see if it is hit.

Also, on the system (HyverV_server), run Wireshark with a filter on port 3389 and see if traffic comes in and if traffic goes out again.

As a side note:
If you have an address object (HyverV_server), that can also be used in the NAT rule,
meaning that the NAT port forward and the firewall will always change in unison.
Just update the address object and you're done.
0
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 34358980
Those rules look OK - but check the rest of the firewall rules to make sure you don't have a higher rule blocking that port.

Try turning on LOGGING for that rule and see what is logged when you attempt the connection.

Or, as noci says, try putting Wireshark on a test target. But if you don't want to put Wireshark and its promiscuous driver on your main server, put it on a test machine and, for the duration of the test, either put the test machine on 1.100 or change the NAT and FW rule to the IP address of the test machine.

UNLESS you have a managed switch and can set up port mirroring so you can have a Wireshark equipped machine monitor the traffic to the USG or to the target server.

0
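The check suggested in the accepted answer (a higher rule blocking the port), as an added example that is not part of the original thread and is not ZyWALL configuration syntax: a small first-match evaluator in Python that reports which earlier rule pre-empts the RDP allow rule. The rule table, addresses and field names are constructed, and top-down first-match evaluation is assumed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    prio: int        # lower number = evaluated first (assumed first-match order)
    src_zone: str    # "WAN", "LAN", "DMZ" or "any"
    dst_zone: str
    dst_net: str     # CIDR; "0.0.0.0/0" means any destination
    port_lo: int     # destination TCP port range, inclusive
    port_hi: int
    action: str      # "allow" or "deny"

    def matches(self, src_zone, dst_zone, dst_ip, port):
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and ip_address(dst_ip) in ip_network(self.dst_net)
                and self.port_lo <= port <= self.port_hi)


def first_match(rules, src_zone, dst_zone, dst_ip, port):
    """Return the rule that decides the packet, or None (default policy)."""
    for rule in sorted(rules, key=lambda r: r.prio):
        if rule.matches(src_zone, dst_zone, dst_ip, port):
            return rule
    return None


def shadowing_rule(rules, allow, src_zone, dst_zone, dst_ip, port):
    """Return the higher rule that pre-empts `allow` for this packet, if any."""
    hit = first_match(rules, src_zone, dst_zone, dst_ip, port)
    return hit if hit is not None and hit.prio < allow.prio else None


# Constructed sample table: SMTP forward works, RDP forward sits below a broad deny.
SERVER = "10.0.0.10"  # constructed internal address, not taken from the thread
BROAD_DENY = Rule(1, "WAN", "any", "0.0.0.0/0", 3000, 4000, "deny")
SMTP_ALLOW = Rule(2, "WAN", "LAN", SERVER + "/32", 25, 25, "allow")
RDP_ALLOW = Rule(3, "WAN", "LAN", SERVER + "/32", 3389, 3389, "allow")
RULES = [RDP_ALLOW, SMTP_ALLOW, BROAD_DENY]

if __name__ == "__main__":
    for name, allow, port in (("SMTP", SMTP_ALLOW, 25), ("RDP", RDP_ALLOW, 3389)):
        blocker = shadowing_rule(RULES, allow, "WAN", "LAN", SERVER, port)
        print(name, "shadowed by rule", blocker.prio if blocker else None)
```
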
