Solved

Zywall USG 200

Posted on 2010-11-30
5
2,221 Views
Last Modified: 2012-05-10
I cant make my own service to run.

if i take a service by default SMTP i can port forward it and send and receive mail on my exchange. but if i try to setup a service RDP port 3389 i wont work? what it the problem?

i setup  NAT  and FIREWALL

0
Comment
Question by:itoffice
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34246064
Can you show the relevant rules?

The NAT rules needs a WAN -> LAN or WAN-> DMZ rule depending on where the RDP server is. (LAN or DMZ)
0
 
LVL 16

Expert Comment

by:ccomley
ID: 34246147
This should work fine, I've done it many times, all sorts of "user defined" services.

Does the firewall log show anything when you attempt access?

Otherwise, as Noci says, pls show us the NAT and Firewall rules you've created.

0
 

Author Comment

by:itoffice
ID: 34345698
Hi,

Have have added a doc with the rules NAT and Firewall.... what is the problem? NAT.docx
0
 
LVL 40

Expert Comment

by:noci
ID: 34346753
Looks good to me.

The default gateway of the RDP server does point back to the firewall?
As debugging aid you can enable logging on the rule to see if it is hit.

Also on the system (HyverV_server) run wireshark with a filter on port 3389 and see if traffic comes in and if traffic goes out again....

As a side note:
Also if you have an address object (HyverV_server) that can also be used in the NAT rule...
Meaning that the NAT port forward & the firewall will allways change in unison.
Just update the address object & done.
0
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
ID: 34358980
Those rules look OK - but check the rest of the firewall rules to make sure you don't have a higher rule blocking that port.

Try turning on LOGGING for that rule and see what is logged when you attempt the connection.

Or as noci says try putting wireshark on a test target. But if you don't want to put Wireshark and it's promiscuous driver on your main server, put it on a test machine and, for the duration of the test, either put the test machine on 1.100 or change the NAT and FW rule to the ip address of the test machine.

UNLESS you have a managed switch and can set up port mirroring so you can have a Wireshark equipped machine monitor the traffic to the USG or to the target server.

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco AP to get ip from DHCP 10 75
IPv6 NAT to IPv4 27 49
ISP Change 14 51
Port not opening complex Huwaei Router - Sonicwall - Airport extreme 32 35
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question