I am new to handling firewalls. We used Juniper before (I did not set it up).
Before, we could remote access (Remote Desktop Protocol) our network. I would like to set up that kind of connection again.
Before, on the remote desktop connection, we just put IP address:port number + domain account (authentication).
How do I set up something like that?
Most likely your policy should look like this:
From source zone
to destination zone
service: a service object containing the appropriate port(s) for your RDP
profile: security profiles to scan your sessions for malicious content
Do you already have GlobalProtect configured to actually allow users to VPN into the network, or was your Juniper simply set up with NAT statements to direct traffic to the proper desktop from the outside?
Generally for something like this you would set up GlobalProtect for allowing remote access into the network, and then your RDP port would actually be left alone and everyone would simply RDP to the hostname or the IP assigned to the host of their workstation. If you are using random RDP ports on the machines, then what @reaperPANgurus has listed would need to be done to actually allow that access, since you are not using the standard ports for the ms-rdp app-id.
If you were going to your public IP address on specific ports to access your machine remotely, I would really recommend you switch to having users VPN into the network instead of opening up these ports for outside access. While the Palo Alto is perfectly capable of mimicking this configuration, if this is what you were doing, it is by no means a secure configuration at all.
I tried to copy the policy as much as possible,
but I have some concerns. (Sorry, I am new to Palo Alto.)
In the picture you sent:
zone: there is no "local". I can only choose from access, external, internal, ISP2, Trust, untrust. I'm not sure if I can create local, and if I can, I don't know how.
zone: same as above, I do have remote. Only the listed choices were there.
Address: I only want a specific IP address where the client PC can connect. Where do I input it, at Source address or Destination address?
I created a service. Please check if my setting is correct.
Destination Port: 12345 (sample only)
Source Port: blank
I also tested:
Source zone: internal
Destination zone: access
address: any for both.
and I got this message.
I have read some items about GlobalProtect but I still don't understand how it works or how to configure it.
I'm new to this Palo Alto.
I'm not the one who set up the Juniper, so I don't know.
If you could help me find step-by-step instructions on how to remote into my server, it would be a big help.
Zones can be given any name you like, to best reflect a topology that makes sense to you.
In my lab I have my internal zone and my external zone, which makes it easier to illustrate what is where, but you can have very different zones (dmz, lan, wan, ...). You can configure/review your zones in Network > Zones.
I created the "getting started series" a while ago; you may want to check it out, as it'll help you understand some concepts.
Your service looks perfect.
The error message indicates you created a security policy that would allow sessions to flow between two incompatible interfaces:
one of your zones is attached to a layer3 interface while the other is connected to a vwire, which is a "bump in the wire" directly between two interfaces.
Please have a look at the getting started series and let me know if something is not clear yet.
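As an added illustration (not code from this thread or from Palo Alto Networks), here is a small Python lint over a simplified policy model that flags the three problems raised above: a zone name that does not exist, a rule pairing a layer3 zone with a vwire zone, and RDP allowed from an untrusted zone to any destination or without a security profile. The zone names are the ones listed in the thread; the "vpn" zone, the "rdp-host" address object and the rule names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Zone:
    name: str
    iface_type: str           # "layer3" or "vwire", as shown under Network > Zones

@dataclass
class Rule:
    name: str
    from_zone: str
    to_zone: str
    ports: frozenset          # destination ports of the attached service object
    destination: str = "any"  # address object name, or "any"
    profiles: tuple = ()      # security profiles attached to the rule

# 3389 is the standard RDP port; 12345 is the sample custom port from the thread.
RDP_PORTS = frozenset({3389, 12345})
UNTRUSTED = ("untrust", "external", "ISP2")   # zones facing the outside in this example

def lint(zones, rules, rdp_ports=RDP_PORTS, untrusted=UNTRUSTED):
    """Return (rule name, finding) pairs for the problems discussed in the thread."""
    ztype = {z.name: z.iface_type for z in zones}
    out = []
    for r in rules:
        missing = [z for z in (r.from_zone, r.to_zone) if z not in ztype]
        for z in missing:
            out.append((r.name, f"zone '{z}' does not exist; create it under Network > Zones"))
        if not missing and ztype[r.from_zone] != ztype[r.to_zone]:
            out.append((r.name, "incompatible interface types: layer3 zone paired with vwire zone"))
        if r.from_zone in untrusted and r.ports & rdp_ports:
            if r.destination == "any":
                out.append((r.name, "RDP from an untrusted zone to any destination; restrict the destination address"))
            out.append((r.name, "RDP exposed from an untrusted zone; prefer GlobalProtect VPN over port forwarding"))
        if not r.profiles:
            out.append((r.name, "no security profile attached"))
    return out

# Constructed sample data: the poster's zone list plus a hypothetical "vpn" zone for GlobalProtect users.
SAMPLE_ZONES = [Zone("internal", "layer3"), Zone("access", "vwire"), Zone("untrust", "layer3"),
                Zone("external", "layer3"), Zone("ISP2", "layer3"), Zone("Trust", "layer3"), Zone("vpn", "layer3")]
SAMPLE_RULES = [
    Rule("rdp-internal-to-access", "internal", "access", frozenset({12345}), "any", ("default",)),
    Rule("rdp-from-local", "local", "internal", frozenset({12345}), "rdp-host", ("default",)),
    Rule("rdp-public", "untrust", "internal", frozenset({12345})),
    Rule("rdp-vpn", "vpn", "internal", frozenset({12345}), "rdp-host", ("default",)),
]

def lint_sample():
    return lint(SAMPLE_ZONES, SAMPLE_RULES)
```

Running `lint_sample()` reports the layer3/vwire mismatch for the internal-to-access rule (the error message from the thread), the missing "local" zone, and three findings for the public RDP rule, while the VPN-sourced rule restricted to a single host passes clean.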