Watchguard Firebox x550e

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

Long story short the firewall at my office wasn't up to much, so I invested in the Watchguard Firebox x550e.

I've got it up and running, and im pretty impressed. Although being a beginner in this area, Im having trouble allowing incoming RDP Connections through to our network. It worked on the old firewall but was setup yonks ago by someone else!

I've had a look around and tried to get my head around how to do it, but its really not clear. Could anyone help me with the basic steps needed to complete this?

Thanks

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I can't remember now myself but if you have set up the Watchguard account correctly then you should be able to login on their site and run thru one of their tutorials (which are very good). The 550's are great machines

 

Yeah have a had a good look through the tutorials, loads of interesting stuff on there but I cant seem to get what im looking for. Loads of stuff on VPN's etc, but I was hoping for just something along the lines of opening a port, and allowing traffic through to a certain server. I dont know why im assuming Port Forwarding would be involved?

Apologies if this is a silly question, but im actually going a little insane looking at it lol.

 

It's been about 4 yrs since I had to touch one of these as I employed guys who did it at client sites.

Last resort - drop the Watchguard support people an email. They are very good at answering.

 

Hmmn, just off out so no time to check but you may fnd something here : http://www.tek-tips.com/faq.cfm?pid=872

 

Thanks mate, i'll have a look! Cheers for your help

 

I've used Firebox's quite a bit - which version of WSM are you using?

 

10.2

 

Cool, I'm on 10.2 also. So the steps I'd take to allow RDP are:

1. Open WSM

2. File > connect to device (obviously enter the IP and passphrase for your firebox)

3. Right Click on the device and select Policy Manager

4. Click the + icon to add a policy

5. Expand Packet Filters and select RDP, then Add

6. Set up the From and To Rules (for example lets say you wanted to allow Incoming RDP connections from any public IP to your firebox public IP NAT'ing to internal IP 10.0.0.1)

In the From box Remove the default Any Trusted.
Click Add
Select Any-External
Select Add > OK

In the To Box remove the default Any-External
Select Add
Select Add NAT
Type = Static NAT
External IP = Your Firebox IP
Internal IP = 10.0.0.1
Click OK twice

7. Give Your Policy a Name (You can add comments and set up additional logging in properties)

8. Select OK then Close to get back to the main Policy Manager screen

9. Select File > Save > To Firebox (obviously backing up your original config to a different filename prior to this)

Enter your write passphrase, then thats it job done.

At this point I should add it's probably not the best Idea to allow RDP incoming unless you at least restrict it to specific IP addresses. VPN would be a better option, if you need any help setting it up just PM me

Hope this helps

 

Thats brilliant BrizoH, a great help - thank you

Im going to print that off and have ago in a second, i'll post back with how I get on!

 

Right then!

I've had a look through and gone through the steps, the only bit thats different is on the "To" Box. I do the following...

Type = Static NAT
External IP = It doesn't let me specify an IP, it just says "External" or "Any-External"
Internal IP = Lets me input fine.

I dont know how much effect that will have on whether it works or not? Is there any way I can test it from inside the office the firewall protects? I imagine remote connecting to the same IP your coming from may stop it from working?

Thanks

 

In that case you can just specify External as the External IP - this will be your firewalls public IP that's NAT'ed.

If you have a range of IP's you can enable them for use on the firebox in Network > Configuration. How you do it depends if your Firebox is configured in Drop In or Routed mode

Unfortunately there's no way to test internally, that I know of

 

Glad you got it sorted guys

 

I done that and tested it from home, works fine. Thanks for the help guys!

I may been asking for help with the VPN at a later date as well.. so watch this space! Lol.

Thanks again guys.

 

No problem at all, glad to help