- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably a dumb question, use Fortigate Client and Fortigate to RDP back out to WAN Windows Server
I am not permitted to access my data center from outside the country, but I can use my Fortigate with Forticlient IPSEC to access a machine inside my LAN and then RDP to servers in the data center. Is it possible to configure the Fortigate itself to do Windows Remote Desktop Connections using the LAN IPs? That would eliminate the need to rely on any LAN machines being up.
Thanks,
Ben
- Labels:
-
FortiClient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I Think you cannot do that directly. However you could do VIP to access it via WAN Interface. BUt that's highly insecure and not recommended here. As you said you can do VPN to your FortiGate. In that case all you need is split tunneling (otherweise ALL your traffic will go over the VPN) and some policy that allows rdp from vpn to the server(s).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ben
Good day.
Since you are connected to IPSEC dialup remote VPN, you can directly RDP to your Server from external computer. All you need to do is make sure that you have firewall policy and correct routing on Fortigate and on your Server.
Network / Flow:
VPN Client >> IPSEC remote VPN >> Fortigate >> LAN >> Server
Firewall Policy:
Source Interface : IPSEC remote VPN
Destination Interface : LAN
Source IP : Remote VPN subnet
Destination : Server IP
Service : ALL (or specific RDP)
NAT : ** depending on your routing. If the server only knows about the LAN network, you need to enable it. If it have routing towards your VPN subnet, it can be disable
Arnold Dimailig
TAC Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks guys, I will experiment with this.
