In this example, we will configure the Vigor2860 router firewall to allow RDP access to a host on the LAN from one device on the Internet. We will use Objects to allow the computer “MyPC” to use RDP to access the host “PC1”.
Step 1: Configure Port Redirection
1. Go to NAT>>Port Redirection and select the first index.
a. Select Enable to activate this profile.
b. Enter a Service Name (e.g., RDP).
c. Enter a Public Port (e.g., 514).
d. Enter the Private IP address, which is PC1’s IP address (192.168.1.11).
e. Enter the Private Port, which is the RDP port (3389).
f. Click OK to save your settings.
Step 2: Create Objects
1. Create Object for “MyPC”.
a. Go to Object Settings>>IP Object and select the first index.
b. Enter Name as “MyPC”.
c. Select Address Type as Single Address.
d. Enter the public IP address of “MyPC”.
e. Click OK to save your settings.
2. Create Object for PC1.
a. Select the 2nd index.
b. Enter Name as PC1.
c. Select Address Type as Single Address.
d. Enter PC1’s private IP address (192.168.1.11).
e. Click OK to save your settings.
3. Create Object for RDP Port.
a. Go to Object Settings>>Service Type Object and select the first index.
b. Name the Profile as “RDP”.
c. Select Protocol as “TCP”.
d. Enter Destination Port as the RDP port (3389~3389).
e. Click OK to save your settings.
Step 3: Create Firewall Filters
1. Create a filter rule that blocks all RDP traffic unless a later filter rule matches it.
a. Go to Firewall>>Filter Setup, select Filter Set 2 and then Filter Rule 2.
b. Select “Check to enable the Filter Rule”.
c. Enter Comments (e.g., “Block_All_RDP”).
d. Select direction from WAN to LAN/DMZ/VPN.
e. Select “any” for Source IP.
f. Select “PC1” object for Destination IP.
g. Select “RDP” object for Service Type.
h. Under Action/Profile, select “Block if no further match”.
i. Click OK to save your settings.
2. Create a filter rule that allows only MyPC to access PC1 remotely using RDP.
a. Select Filter Rule 3.
b. Select “Check to enable the Filter Rule”.
c. Enter Comments (e.g., “Allow_RDP_MyPC”).
d. Select direction from WAN to LAN/DMZ/VPN.
e. Select “MyPC” object for Source IP.
f. Select “PC1” object for Destination IP.
g. Select “RDP” object for Service Type.
h. Under Action/Profile, select “Pass Immediately”.
i. Click OK to save your settings.
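The two rules from Step 3 work as a pair: Rule 2 only marks RDP traffic for blocking, and Rule 3 overrides that mark for MyPC. The following is an added example, not DrayTek code: a simplified Python model of that evaluation order, assuming rules are matched against the translated destination (PC1, port 3389) as the rules above are written, that unmatched traffic takes a default verdict, and using a constructed address for MyPC.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard, the "any" choice in the filter rule form

@dataclass
class Rule:
    comment: str
    src: Optional[str]    # Source IP object
    dst: Optional[str]    # Destination IP object
    dport: Optional[int]  # Service Type object (TCP destination port)
    action: str

# Constructed sample values: 203.0.113.10 stands in for MyPC's public IP.
MYPC, PC1, RDP = "203.0.113.10", "192.168.1.11", 3389

# Filter Rule 2 and Filter Rule 3 as configured in Step 3.
FILTER_SET_2 = [
    Rule("Block_All_RDP", ANY, PC1, RDP, "block_if_no_further_match"),
    Rule("Allow_RDP_MyPC", MYPC, PC1, RDP, "pass_immediately"),
]

def matches(rule, src, dst, dport):
    return (rule.src in (ANY, src) and rule.dst in (ANY, dst)
            and rule.dport in (ANY, dport))

def evaluate(rules, src, dst, dport, default="pass"):
    """Verdict for one WAN -> LAN packet, matched on its translated tuple."""
    verdict = default  # assumption: traffic matching no rule takes the default
    for rule in rules:
        if not matches(rule, src, dst, dport):
            continue
        if rule.action == "pass_immediately":
            return "pass"
        if rule.action == "block_immediately":
            return "block"
        # "... if no further match": remember the verdict, keep scanning
        verdict = "block" if rule.action.startswith("block") else "pass"
    return verdict

if __name__ == "__main__":
    print("MyPC  ->", evaluate(FILTER_SET_2, MYPC, PC1, RDP))            # pass
    print("other ->", evaluate(FILTER_SET_2, "198.51.100.7", PC1, RDP))  # block
```

In this model, changing Rule 2's action to block immediately stops evaluation before Rule 3 is reached, so MyPC is locked out along with every other source.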
Step 4: Testing
a. Use Windows Run to launch the Remote Desktop application.
i. Enter the public IP address and port number of PC1.
ii. Use a different computer to test the firewall policies.
b. Repeat steps 1 and 2.