Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yaronbeny7
New Contributor

How can I port forward RDP to my FortiGate 80D firewall

Hello,

I want to connect to my PC from the WAN,

so I need to open RDP port 3389,

and I'm not sure how to do it.

Please help.

rwpatterson
Valued Contributor III

Before I reply, you should (and I hope already do) know that this is a very "not recommended" practice. MS RDP isn't the most secure protocol out there, and once the hacker has at your machine, everything else inside the network is susceptible.

 

Now, with that said, you need to create:

  • a VIP rule with the outside interface, protocol and IP (or 0.0.0.0 for the wildcard)
  • a policy with the outside interface as the source and the VIP as the destination, service RDP (TCP 3389)

That's the nuts and bolts of it. Nothing too deep, but not something I would do if I cared about my data.

Now, if you know what IP address you are connecting from, you could lock down both the VIP and policy to that IP address, so no one but that IP would even know the port has been mapped. That to me is an acceptable practice.

My two cents.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

yaronbeny7

Please see my attached file.

Where exactly should I configure it? Arrow 1 or arrow 2?


rwpatterson
Valued Contributor III

Virtual IP (VIP) is the lower arrow (arrow 2, I assume).

Policy is under Policy, the top arrow (arrow 1, I assume). You choose the IP version, V4 or V6. (probably V4)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

yaronbeny7

Hello,

I created a rule for RDP but it is not working.

How can I diagnose this issue?

yaronbeny7

What is the External IP address range? (See attached file.)

And what do I need to type in the mapped IP address range?

In my case, the server IP address (that I need to connect to via RDP) is 10.0.0.18 and I want to do it from everywhere in the world.

So what do I need to type in "external IP address" and "mapped IP address range"?

yaronbeny7

Did you mean an internal IP of wan1? The IP I got from the ISP?

rwpatterson
Valued Contributor III

Having a destination of 'all' is not the same as a destination VIP. A VIP is a destination address translation. You need this to get RDP working (from the Internet with private addresses). Now, what you have posted should work if all the parts are set up correctly, but from the very short bit you posted, I cannot tell.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Ramsho
New Contributor

Just look at Virtual IPs.

You can forward the port there (and outside IP address).

Just don't forget to create a firewall policy after you created the VIP, to allow the traffic.
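
The VIP and policy described in the replies above, written out as a FortiOS CLI sketch. This is an added example, not something posted by any participant in the thread. The server address 10.0.0.18 and the interface wan1 come from the thread; the external address 203.0.113.10, the allowed source 198.51.100.25, the inside interface name "internal" and the object names are placeholder assumptions.

```fortios
# VIP: destination NAT from the WAN address to the RDP host.
# 203.0.113.10 is a placeholder for the address the ISP assigned to wan1.
config firewall vip
    edit "vip-rdp-10.0.0.18"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.0.0.18"
        set portforward enable
        set protocol tcp
        set extport 3389
        set mappedport 3389
        # Lock the VIP itself to the known client address
        # (placeholder; option availability depends on firmware version).
        set src-filter "198.51.100.25/32"
    next
end

# Address object for the one client that is allowed to connect (placeholder).
config firewall address
    edit "rdp-admin-src"
        set subnet 198.51.100.25 255.255.255.255
    next
end

# Policy: WAN -> inside, destination is the VIP (not "all").
config firewall policy
    edit 0
        set srcintf "wan1"
        # "internal" is an assumed name for the inside interface.
        set dstintf "internal"
        # Weak setting: srcaddr "all" exposes TCP 3389 to the whole Internet.
        # Locked-down setting, as recommended in the first reply:
        set srcaddr "rdp-admin-src"
        set dstaddr "vip-rdp-10.0.0.18"
        set action accept
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end

# To check whether connection attempts reach the firewall at all:
#   diagnose sniffer packet wan1 'tcp port 3389' 4
```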
