yaronbeny7
New Member
December 30, 2015
Question

How can I port forward RDP to my firewall FortiGate 80D


Hello,

I want to connect to my PC from the WAN,

so I need to open RDP port 3389,

and I'm not sure how to do it.

Please help.

    3 replies

    rwpatterson
    New Member
    December 30, 2015

    Before I reply, you should (and I hope already do) know that this is a very "not recommended" practice. MS RDP isn't the most secure protocol out there, and once the hacker has at your machine, everything else inside the network is susceptible.

     

    Now, with that said, you need to create:

  • a VIP rule with the outside interface, protocol and IP (or 0.0.0.0 for the wildcard)
  • a policy with the outside interface as the source and the VIP as the destination, service RDP (TCP 3389)

    That's the nuts and bolts of it. Nothing too deep, but not something I would do if I cared about my data.

     

    Now, if you know what IP address you are connecting from, you could lock down both the VIP and policy to that IP address, so no one but that IP would even know the port has been mapped. That to me is an acceptable practice.

     

    My two cents.
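The lock-down described in the reply above can be checked against a configuration export. This Python check is an added example, not part of the thread or of any Fortinet tool: it flags accept policies that reach a VIP forwarding TCP 3389 while the source is `all`. The embedded config is a constructed, trimmed fragment in FortiOS CLI syntax; `rdp-vip`, `admin-home`, `wan1` and the addresses are placeholder assumptions.

```python
import re
# Constructed, trimmed sample in FortiOS CLI syntax; names and IPs are placeholders.
SAMPLE = '''
config firewall vip
    edit "rdp-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set portforward enable
        set extport 3389
        set mappedip "192.168.1.50"
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "rdp-vip"
        set service "RDP"
        set action accept
    next
    edit 2
        set srcaddr "admin-home"
        set dstaddr "rdp-vip"
        set service "RDP"
        set action accept
    next
end
'''

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat config/edit/set blocks."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:1] == ["config"]:
            section, entry = cfg.setdefault(" ".join(words[1:]), {}), None
        elif words[:1] == ["edit"] and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[:1] == ["set"] and entry is not None:
            entry[words[1]] = words[2:]
    return cfg

def open_rdp_policies(text):
    """IDs of accept policies that reach a port-3389 VIP from source 'all'."""
    cfg = parse(text)
    rdp_vips = {n for n, v in cfg.get("firewall vip", {}).items()
                if "3389" in v.get("extport", []) + v.get("mappedport", [])}
    return [pid for pid, p in cfg.get("firewall policy", {}).items()
            if p.get("action") == ["accept"] and "all" in p.get("srcaddr", [])
            and rdp_vips & set(p.get("dstaddr", []))]
```

On the sample, policy 1 is reported and policy 2, which names a specific source address object, is not.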

  • yaronbeny7
    New Member
    December 31, 2015

    Please see my attached file.

    Where exactly should I configure it? Arrow 1 or arrow 2?

     

    rwpatterson
    New Member
    December 31, 2015

    Virtual IP (VIP) is the lower arrow (arrow 2, I assume).

    Policy is under Policy, the top arrow (arrow 1, I assume). You choose the IP version, V4 or V6. (probably V4)

    rwpatterson
    New Member
    January 11, 2016

    Having a destination of 'all' is not the same as a destination VIP. A VIP is a destination address translation. You need this to get RDP working (from the Internet with private addresses). Now, what you have posted should work if all the parts are set up correctly, but from the very short bit you posted, I cannot tell.

    Ramsho
    New Member
    January 13, 2016

    Just look at Virtual IPs.

    You can forward the port there (and outside IP address).

    Just don't forget to create a firewall policy after you created the VIP, to allow the traffic.