Simba
New Contributor

DMZ for RDP Gateway

Greetings,

I am new to the FortiGate firewall. I want to create a DMZ in which I will have an RDP gateway server sit.

Admins while on the internal network and when on VPN should hit this RDP server to gain access to the server VLAN.

Kindly assist. Thanks

lgupta
Staff

Hello Simba,

Thank you for reaching out.

Please answer the following questions:

1. Can you confirm if RDP is enabled on the server? Please enable it.

2. Do you have a Windows firewall on the RDP server? Please disable it.

3. Are you able to ping the RDP server from the user workstation? Ping should be the first check to confirm connectivity.

4. Do you have a firewall policy on the FortiGate to allow RDP type traffic?

Thank you!

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
AEK
Honored Contributor II

Hi Simba

You can proceed this way.

  • Enable SSL VPN server on FG, set it to listen on WAN interface
  • Add firewall policy. Source: SSL-VPN. Destination: dmz/server-IP. Service: RDP or HTTPS. Security profile: IPS/AV (default)
  • Add firewall policy. Source: dmz/server-IP. Destination: internal servers. Service: RDP. Security profile: IPS/AV (default)
AEK
KumarV
Staff

Hi @Simba 

1) You have to configure SSLVPN listening on WAN Interface.

2) Once you have the VPN setup then you would need firewall policy from SSLVPN to DMZ.

3) You might have to enable the NAT on the firewall policy if there is any sort of Windows Defender enabled on that server to make it work.

4) For internal to DMZ you would need another firewall policy from internal to DMZ with service set to RDP.

 

Regards

Verender
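
The policies described in the replies from AEK and KumarV, written out as FortiOS CLI. This is an added example, not part of either reply; the interface names (dmz, internal, servers), the address objects and their IPs, and the vpn-admins group are assumptions, and NAT is left at its default (off).

```fortios
# Added example. Interface names, addresses and the group are assumptions.
config firewall address
    edit "rdgw-dmz"
        set subnet 10.10.50.10 255.255.255.255
    next
    edit "server-vlan"
        set subnet 10.10.20.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "sslvpn-to-rdgw"
        set srcintf "ssl.root"
        set dstintf "dmz"
        set srcaddr "all"
        set groups "vpn-admins"
        set dstaddr "rdgw-dmz"
        set action accept
        set schedule "always"
        set service "HTTPS" "RDP"
        set utm-status enable
        set ips-sensor "default"
        set av-profile "default"
    next
    edit 0
        set name "internal-to-rdgw"
        set srcintf "internal"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "rdgw-dmz"
        set action accept
        set schedule "always"
        set service "RDP"
    next
    edit 0
        set name "rdgw-to-servers"
        set srcintf "dmz"
        set dstintf "servers"
        set srcaddr "rdgw-dmz"
        set dstaddr "server-vlan"
        set action accept
        set schedule "always"
        set service "RDP"
        set utm-status enable
        set ips-sensor "default"
        set av-profile "default"
    next
end
```

With no other policy between these interfaces, the implicit deny leaves the gateway host as the only path into the server VLAN.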

 
