Hi mates,
A few days ago I had a particular request: a customer asked me to NAT an RDP connection to a custom, non-standard port.
This customer has a very good product named Sophos UTM Firewall (version 9.3XX).
I worked with Sophos when it was Astaro... for several years, and my 20-25 customers were fully satisfied.
Anyway... it's easy, as you can imagine, but I would like to share the steps... maybe tomorrow you have to replicate this and you are too tired to think... you only want to follow along (it could happen someday).
In particular the customer's IT Dept. decided to change the default RDP port (and also SSH) from 3389 to 33389.
It is easy from the Sophos point of view:
1. create the object specifying the internal IP address as shown below
2. create the custom protocol
3. create the NAT rule
4. Obviously you have to put the previously created protocol in both service definition boxes (for RDP, on the server side you have to change a registry key to "tell" Windows to listen on a different port).
Be sure to select "Automatic firewall rule" so the system creates the related firewall policy for you (you can always check the automatic rules by unhiding them in the related section).
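The server-side registry change mentioned in step 4, as an added example that is not part of the original post: a PowerShell script, run elevated on the RDP server, that moves the listener to 33389 and checks the result. The registry path is the standard Windows `RDP-Tcp` `PortNumber` value; the firewall rule name is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: move the Windows RDP listener to the custom port used in this post.
param(
    [ValidateRange(1025, 65535)]
    [int]$NewPort = 33389
)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Read the port currently configured (3389 by default).
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Refuse to continue if something already listens on the new port.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use on this host."
}

# Open the new port in Windows Firewall BEFORE switching, to avoid a lockout.
$ruleName = "RDP custom port $NewPort (TCP-In)"   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow -Profile Any | Out-Null
}

# Write the new port as a DWORD value.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# The listener picks up the change only after the service restarts (or a reboot).
# Restarting TermService drops any active RDP session.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Verify: the new port must be listening and the old one must not.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $oldPort, $NewPort } |
    Select-Object -ExpandProperty LocalPort -Unique
if ($listening -contains $NewPort -and $listening -notcontains $oldPort) {
    Write-Host "RDP is now listening on TCP $NewPort."
} else {
    Write-Warning "Unexpected listener state: $($listening -join ', ')"
}
```

Run it from a console session or out-of-band access rather than over RDP, since the service restart disconnects the session it was started from.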
A quick complication worth mentioning relates to a bunch of additional public IPs that you may have:
in this case you have to add them to your network interface configuration. After this you only have to add another object (network object) for the public IP you just added.
Below is a screenshot of the section where you can add the new public IP to your firewall:
That's all !
No complications, no tricks, only the essential.
Hope this helps.
See you soon