Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Joekanan
New Contributor

Remote Desktop Problems

Hi,

I Just configure my fortinet 110 C for RDP by this steps :

1. Create the virtual Ip by the configuration :

    Name : RDP001

    External Interface : wan1

    Type : Static NAT

    External IP Address/ Range : xxx.xxx.xx.77

    Mapped IP Address/Range : 10.100.6.17

    Port Forwarding (Checked)

    Protocol : TCP

    External Service Port : 3389

    Map to Port : 3389

 

2. Create FTP

     Name : FTP001

    External Interface : wan1

    Type : Static NAT

    External IP Address/ Range : xxx.xxx.xx.77

    Mapped IP Address/Range : 10.100.6.17

    Port Forwarding (Checked)

    Protocol : TCP

    External Service Port : 21

    Map to Port : 21

 

3. Create VIP Group

    Group Name : RDP_Group

    Member : RDP001, FTP001

 

4. Create Policy :

    Source Interface/Zone : wan1

    Source Address  : all

    Destination Interface/Zone : wan1

    Destination Address : RDP_GROUP

    Schedule : Always

    Service : Any

    Action : Accept

    Log Allowed Traffic (checked)

    NAT (Enable NAT (Checked))

 

Seems there's no problems but When I try to call it from web it's go the firewall login form, and when I try to call the IP from RDP from another PC the RDP only said remote desktop cannot connected because : 1. RDP not enable,2.turn off, etc..

I try to call it from local PC with local connection it doesn't have those problems..

 

Does anyone can help?

 

thanks,

 

Joe

 

 

 

 

 

 

 

2 REPLIES 2
ede_pfau
SuperUser
SuperUser

hi,

 

and welcome to the forums.

 

some ideas:

1- in the incoming policy the destination interface is 'internal' or 'lan' or whatever the interface is called to which your server is attached. In any case, it's not 'wan'.

2- you could do yourself a favor and do NOT select port forwarding (and protocol). This way, you only need one VIP, and you can test the server connection by pinging it (which is not possible when port forwarding). Narrow down security in the policy, services.

3- Don't tick 'NAT' in the policy, it's not needed here. It would exchange the external address of the client with the interface's internal address, thus hiding it. Your default route will take care that the return traffic hits the WAN interface.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Dalxas

For sure an annoying but rare occurrence. Had it with my last RDP provider and had to change him. I usually use RDP since it allows me to be much more flexible when it comes to remote work and now with the pandemic, and the lockdowns I haven't been able to hit the office as much as I should. The main reason is that I am in the vulnerable categories of people that should be really careful with the virus, and my boss has allowed me to work from home without any restrictions. On the other hand my line of work is really confidential, so we had to buy dedicated server in order to feel safe against any cyber threats.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors