Channel: Sophos User Bulletin Board

DNAT to RDP with Availability Group

I have set up a DNAT. This is used to connect to a Windows Terminal Server.

I have set up an Availability Group with 5 different hosts configured. These are all external addresses, with 2 being the public addresses of business partners.

For some reason I am getting dropped packets from some of these hosts.

On the DNAT I have the following:

Position 1
Traffic Source = GP ALLOWED (This contains the hosts)
Traffic Service = Microsoft Remote Desktop (RDP)
Traffic Destination = EXTERNAL WAN (The address of the public address of the TS Box)

NAT MODE = DAT (Destination)

Destination = INTERNAL TS SERVER
Destination Service = Microsoft Remote Desktop (RDP)

Log = enabled
Automatic Firewall = enabled

I have checked the addresses of the hosts in the access group. These match the address on the firewall logs.


The interesting thing is when I change the source to be ALL the DNAT works.

Am I missing something?

EDIT:

I am running an ASG120 and the latest version as of today (8.305)

On the Firewall Log I can see that the clients that are allowed through indicate "fwrule=60021" action=log and the clients that are blocked have "fwrule=60001" action=drop.

Is there some kind of default rule blocking this somewhere?
