OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: stop.eject on August 11, 2020, 06:59:03 AM

Title: Can't specify a port in firewall rules
Post by: stop.eject on August 11, 2020, 06:59:03 AM
I want to restrict traffic to RDP. When I save the rule, it still passes traffic on all ports. This issue is not restricted to RDP, any other port selection is also not saved.
See the attached screenshots.
Title: Re: Can't specify a port in firewall rules
Post by: lar.hed on August 11, 2020, 11:42:32 AM
You have to fill in from and to port.
Title: Re: Can't specify a port in firewall rules
Post by: franco on August 11, 2020, 03:46:44 PM
Or only from I think.


Cheers,
Franco
Title: Re: Can't specify a port in firewall rules
Post by: lar.hed on August 11, 2020, 04:29:44 PM
Correct, from will somehow copy itself to to :-)
Title: Re: Can't specify a port in firewall rules
Post by: stop.eject on August 12, 2020, 05:12:17 AM
Quote from: franco on August 11, 2020, 03:46:44 PM
Or only from I think.


Cheers,
Franco
Ha-ha, thanks! My inattentiveness bites again! Somehow I mistook "from" as "source port". Shame on me.
Title: Re: Can't specify a port in firewall rules
Post by: franco on August 12, 2020, 09:21:42 AM
No worries, was confused for a second there too :)
Title: Re: Can't specify a port in firewall rules
Post by: Vilhonator on August 12, 2020, 09:42:56 AM
You need to specify destination host, otherwise incoming RDP traffic from designated source (which are set to be all IPs which begin as 10.200.1) will be forwarded to next available RDP server within the network, which is something that can be exploited.

You must always specify destination host even with LAN to LAN connections. Source address is needed, if you want to allow connection from specific source IP or specific network.

If you mean to have multiple machines with RDP enabled in your LAN, and you want to allow access only within same LAN, then you don't need to create firewall rule for it (Devices within same network are always able to communicate with each other, you only need to add LAN rules, when you want to restrict LAN).

If you have multiple LANs on your firewall and want to allow only RDP connection between 2 separate networks, then you can create a rule like that, but I much rather would create VLAN, static route and add block rule for webgui, ICMP etc. for it.
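As an added example (not from this thread or the OPNsense project): a small audit over a constructed config.xml fragment that flags pass rules with no destination port or an "any" destination, the two gaps discussed above. The element names follow the rule layout OPNsense uses in config.xml as I remember it; treat them as an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout OPNsense uses for firewall rules in config.xml
# (element names assumed from memory; they are not on the forum page).
SAMPLE_CONFIG = """<opnsense>
  <filter>
    <rule>
      <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <descr>RDP as first saved: no port filled in, destination any</descr>
      <source><network>10.200.1.0/24</network></source>
      <destination><any>1</any></destination>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <descr>RDP with port filled in, destination still any</descr>
      <source><network>10.200.1.0/24</network></source>
      <destination><any>1</any><port>3389</port></destination>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <descr>RDP narrowed to one host and one port</descr>
      <source><network>10.200.1.0/24</network></source>
      <destination><address>192.0.2.10</address><port>3389</port></destination>
    </rule>
  </filter>
</opnsense>"""


def audit_rules(config_xml: str) -> list[tuple[str, list[str]]]:
    """Return (descr, findings) for each pass rule that is broader than a host+port rule."""
    report = []
    for rule in ET.fromstring(config_xml).iter("rule"):
        if (rule.findtext("type") or "pass") != "pass":
            continue  # a broad block/reject rule is not the concern here
        dst = rule.find("destination")
        proto = (rule.findtext("protocol") or "any").lower()
        findings = []
        if dst is None or dst.find("any") is not None:
            findings.append("destination is any")
        if proto in ("tcp", "udp", "tcp/udp") and (dst is None or dst.findtext("port") is None):
            findings.append("no destination port: rule matches every port")
        if findings:
            report.append((rule.findtext("descr") or "<no descr>", findings))
    return report


if __name__ == "__main__":
    for descr, findings in audit_rules(SAMPLE_CONFIG):
        print(f"{descr}: {'; '.join(findings)}")
```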
Title: Re: Can't specify a port in firewall rules
Post by: stop.eject on August 12, 2020, 04:08:17 PM
You are correct, the rules should be defined as narrow as possible. I left "any" in the rule to take a screenshot without exposing the server IP.