• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393
  • Last Modified:

How Does this happen? Remote Desktop MSTSC connects to SonicWall WAN address and then straight to our Terminal Server

We have a SonicWall TZ210, a Domain, a LAN with a Terminal Server and all works rather well.

Recently we distributed some laptops to our field staff and I installed SonicWall GVPN clients so they could log in to the SonicWall, authenticate as a SonicWall user, get a virtual local IP and run MSTSC to access our Terminal Server.
All that works PERFECTLY.

A few weeks later to my GREAT SURPRISE the notebook users tell me they no longer use the GVPN client because they can type in the WAN Address of the SonicWall ( which they read from the gvpn setup) IN  MSTSC and it then simply prompts for their Domain user credentials and pops them right into the Terminal Server.

While I am not a complete newbie to SonicWalls ( I support 5 of them around town) I was surprised and would like some more experienced SonicWall users to comment or give me some insight as to what is allowing this to happen.
  • 2
1 Solution
Is the FW port forwarding to the terminal server? That what it sounds like it is doing.
azpeteAuthor Commented:
Yes, I just spoke with the IT person who first setup the Sonicwall and he informed me that originally they did that for convenience of a vendor.  
I can look at where that happens in the FW but it does appear to be one step LESS secure.
Agreed ?
Yes, it is one step less secure. I would always require the users to VPN into the network first and then remote to a server from there. I even use this same design for my home network. Minimum ports open from the external side.
Blue Street TechLast KnightsCommented:
Hi azpete,

Agreed. Even if you lock down the Source IPs you are still susceptible to man-in-the-middle attacks. With VPN access for your vendors you can then terminate access whenever, explicitly control what they have access to and even setup a schedule to allow access only at specific times.

Let me know if you have any other questions!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now