07-22-2019 04:09 AM
Hi,
We need to configure an input rule to authorize a public IP address to access one of our virtual machines on our subnet.
Concretely, I need to authorize the public IP address 195.193.194.195 to access our virtual machine with the private IP 192.168.1.1 directly on port 3389 (Remote Desktop), only via our public IP address (82.83.84.85).
I configured a NAT rule but it didn't work. Maybe I am doing something wrong?
Can you help us with this topic?
Thank you for your help.
07-22-2019 05:51 AM
This is a "quick" solution to the problem, but I would seriously look at getting GlobalProtect in a good working state to allow Vendor solutions access to select machines rather than a NAT solution. You already have GlobalProtect exposed to the outside and this solution is just adding another entry point into your network. It might be secure by a source address, but one small configuration mistake would open it up to anyone.
Just my two cents, clearly either is a viable solution.
07-22-2019 06:06 AM
Thanks for your advice. We need to grant access to a partner this week, so I need a quick solution. But we are aware that it is a dirty solution and we need to better secure our GlobalProtect access in the future.
07-22-2019 02:40 PM
Hello,
RDP is insecure and I do not recommend you use it over the internet. Please use a secure channel like the one Bpry suggested.
Regards,
07-23-2019 01:09 AM
I reconsidered my position and you're right, it's so dangerous to expose RDP on the Internet.
So, I am searching for another solution without VPN (for the moment). Maybe a VNC solution.
07-23-2019 06:28 AM
Finally, I am thinking of segregating subnets in my GlobalProtect configuration, but I have a question: can I apply different segregation by user or user group?