Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
davidinark
New Contributor

Google Remote Desktop?

We are a Google Apps shop and are trying to roll out Google Remote Desktop. I can connect to other sites/sessions, but I cannot seem to SHARE desktops from within our organization. We have a Fortigate 300C. I am not sure what policies I need to edit, nor where they would go, in order to make this work. Any ideas? According to Google, I should do the following, but I haven' t messed with specific port assignments in my Fortigate in this manner, so I appreciate any help! Thanks! Check your firewall settings Your computer' s firewall may be configured in a way that doesn' t let the app work properly. Verify that your firewall permits outbound UDP traffic, permits inbound UDP responses, and allows traffic on TCP ports 443 (HTTPS) and 5222 (XMPP).
4 REPLIES 4
rwpatterson
Valued Contributor III

Unless they specify a UDP port or port range, I would hesitate to roll that out. HUGE security hole, in my opinion.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
davidinark
New Contributor

Thanks. I tried opening OUTSIDE > INSIDE all, all, all and it still didn' t work so obviously I have something else going on. Lovely.
rwpatterson
Valued Contributor III

That will only work if you use public addresses on the inside and they are routeable. No way to get to private inside addresses unless you use a virtual IP address.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
rmorley
New Contributor

So this is possible, I have done it. The way it works, is you configure your desktop first. That configures an instance of chrome to run as a service on the desktop. That service needs 80,443, and 5222 outbound to googles servers. The easiest way to find the correct protocols and port numbers for me, is to create an allow all outbound rule for the desktop, and watch the sessions on the firewall. That' s how I found out about 5222 (I think it was udp). This is just as much as a security hole as gotomypc is, or any other remote desktop. I would be most concerned about a mischievous person installing it on someone elses computer and being able to remote others. But I work for a school district where we have teenagers!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors