?
Solved

Zywall USG 200

Posted on 2010-11-30
5
Medium Priority
?
2,248 Views
Last Modified: 2012-05-10
I cant make my own service to run.

if i take a service by default SMTP i can port forward it and send and receive mail on my exchange. but if i try to setup a service RDP port 3389 i wont work? what it the problem?

i setup  NAT  and FIREWALL

0
Comment
Question by:itoffice
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34246064
Can you show the relevant rules?

The NAT rules needs a WAN -> LAN or WAN-> DMZ rule depending on where the RDP server is. (LAN or DMZ)
0
 
LVL 17

Expert Comment

by:ccomley
ID: 34246147
This should work fine, I've done it many times, all sorts of "user defined" services.

Does the firewall log show anything when you attempt access?

Otherwise, as Noci says, pls show us the NAT and Firewall rules you've created.

0
 

Author Comment

by:itoffice
ID: 34345698
Hi,

Have have added a doc with the rules NAT and Firewall.... what is the problem? NAT.docx
0
 
LVL 40

Expert Comment

by:noci
ID: 34346753
Looks good to me.

The default gateway of the RDP server does point back to the firewall?
As debugging aid you can enable logging on the rule to see if it is hit.

Also on the system (HyverV_server) run wireshark with a filter on port 3389 and see if traffic comes in and if traffic goes out again....

As a side note:
Also if you have an address object (HyverV_server) that can also be used in the NAT rule...
Meaning that the NAT port forward & the firewall will allways change in unison.
Just update the address object & done.
0
 
LVL 17

Accepted Solution

by:
ccomley earned 2000 total points
ID: 34358980
Those rules look OK - but check the rest of the firewall rules to make sure you don't have a higher rule blocking that port.

Try turning on LOGGING for that rule and see what is logged when you attempt the connection.

Or as noci says try putting wireshark on a test target. But if you don't want to put Wireshark and it's promiscuous driver on your main server, put it on a test machine and, for the duration of the test, either put the test machine on 1.100 or change the NAT and FW rule to the ip address of the test machine.

UNLESS you have a managed switch and can set up port mirroring so you can have a Wireshark equipped machine monitor the traffic to the USG or to the target server.

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month14 days, 16 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question