We currently have 8 RDP servers (XP machines) that should be available to a specific external IP address. For testing, I allowed all external addresses in my firewall policy for 1 of these 8 machines. Each of these 8 PCs has a 1:1 NAT policy in our old firewall (Sonicwall), which was done in groups. So, I would configure an address object representing 10.1.1.2-10.1.1.9 internally, and another object representing 184.108.40.206-200.200.200.210. I cannot find a way to do this in Forefront.
I spoke briefly with a MS support tech, and he mentioned that network policies are not required for server publishing, only firewall policies. I am seeing connections that are listed as "successful" but their information reads "The connection attempt was aborted when the client sent a RST packet".
While researching this issue, I stumbled on this utility:
That made me wonder if maybe the issue is that my published servers aren't responding via the same IP that they are listening on? So, if I RDP to 220.127.116.11 and that's NAT'd (published) to 10.1.1.4, maybe the RDP server is responding on 18.104.22.168, or worse yet, my primary ISP interface (the 1:1 NAT is supposed to be on my secondary interface).
Anybody have experience with this?
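The suspicion in the post (a published RDP server answering from a different public address than the one the client connected to, or the reply leaving via the primary ISP interface) can be confirmed or ruled out from a packet capture taken on the firewall's external interfaces. The following is an added example, not code from the original post or from Forefront or Sonicwall: it walks a list of packet summaries, pairs each client SYN to a published address with the reply that follows it, and flags replies whose source address differs from the address the SYN was sent to, plus server-side resets and SYNs that never get a reply. All addresses, the NAT table and the packet records are constructed placeholders, not the poster's real ones.

```python
"""
Added example (not from the original post): detect asymmetric NAT replies
and server resets for published RDP hosts from packet-summary records.
All addresses and records below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as a short string: "S", "SA", "R"


# Constructed 1:1 NAT table: public (published) address -> internal RDP host.
NAT_TABLE = {
    "198.51.100.11": "10.1.1.2",
    "198.51.100.12": "10.1.1.3",
}

RDP_PORT = 3389


def check_nat_symmetry(packets, nat_table, rdp_port=RDP_PORT):
    """Return a list of human-readable findings.

    A client SYN to published address P must be answered by a packet whose
    source address is P.  A reply from any other address (for example the
    firewall's primary ISP interface) is the asymmetric NAT the post suspects;
    a reply carrying RST is the server refusing the connection; a SYN with no
    reply at all points at the publishing rule or NAT not matching.
    """
    pending = {}   # (client_ip, client_port) -> public address the SYN went to
    findings = []
    for p in packets:
        if p.flags == "S" and p.dport == rdp_port and p.dst in nat_table:
            pending[(p.src, p.sport)] = p.dst
        elif p.sport == rdp_port and (p.dst, p.dport) in pending:
            expected = pending.pop((p.dst, p.dport))
            internal = nat_table[expected]
            if p.src != expected:
                findings.append(
                    f"asymmetric reply: client {p.dst}:{p.dport} sent SYN to "
                    f"{expected} ({internal}) but the {p.flags} reply came from {p.src}"
                )
            elif p.flags == "R":
                findings.append(
                    f"server reset: {expected} ({internal}) answered client "
                    f"{p.dst}:{p.dport} with RST"
                )
    # Anything still pending never received a reply on the external side.
    for (client_ip, client_port), public in pending.items():
        findings.append(
            f"no reply: SYN from {client_ip}:{client_port} to {public} "
            f"({nat_table[public]}) was never answered"
        )
    return findings


# Constructed capture summary: one healthy handshake, one reply from the wrong
# public address, one server reset, and one SYN that is never answered.
PACKETS = [
    Packet("203.0.113.5", 50001, "198.51.100.11", RDP_PORT, "S"),
    Packet("198.51.100.11", RDP_PORT, "203.0.113.5", 50001, "SA"),
    Packet("203.0.113.5", 50002, "198.51.100.12", RDP_PORT, "S"),
    Packet("198.51.100.99", RDP_PORT, "203.0.113.5", 50002, "SA"),
    Packet("203.0.113.5", 50003, "198.51.100.11", RDP_PORT, "S"),
    Packet("198.51.100.11", RDP_PORT, "203.0.113.5", 50003, "R"),
    Packet("203.0.113.5", 50004, "198.51.100.12", RDP_PORT, "S"),
]


def sample_findings():
    """Run the check over the constructed capture and return the findings."""
    return check_nat_symmetry(PACKETS, NAT_TABLE)


if __name__ == "__main__":
    for line in sample_findings():
        print(line)
```

In practice the `Packet` records would be filled from a capture exported as text (source, destination, ports and flags are enough); if the asymmetric finding appears for a published host, the reply path is leaving through a different interface or address than the publishing rule expects, which is exactly the condition that makes a client tear the session down with a RST.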