Navigate
X
    coltrinit
  • 13 years ago
    • Categories: SonicWALL

Configuring SonicWall TZ210 and XP/Vista/7 client with RDP passthrough

Clients on your network may wish to work from home. While there are alternatives like GoToMyPC or LogMeIn, this is a free alternative. You will need spare public IP addresses that you can configure your domain’s DNS and your SonicWall to allow RDP traffic to clients on your LAN.

1. Ensure the client has RDP enabled. On the Windows PC, go to System Settings and then the Remote tab and make sure “any RDP client” is allowed access. Some of your clients may be using Macs and do not use Windows RDP clients. Also, it’s best to narrow down access to only particular user accounts (the user and administrator). Once RDP is enabled be sure to test connecting from a different client within your Local Area Network. If you can’t RDP into the client from within your LAN, you sure won’t be able to get to the machine remotely!

2. Go to your Domain Registrar and setup a sub domain for your user. In this example, I’m using my.1and1.com. Once logged in, click on “Domains”, then click on “New” and then “Subdomain”. Give the subdomain a friendly name. In this case I am using Julie.domainname.com. Once the subdomain has been added, place a checkmark next to the new subdomain, and then click on the DNS button dropdown and click Edit. Under Advanced DNS Settings -> IP Address (A-Record) : Change the radio button to “Other IP Addresses”. Enter in the Public IP address you want specified for the client. Make sure you record the IP address, because we will be using it again soon on the SonicWALL. As far as DNS replication is concerned, I’ve found that it takes place pretty quickly, if not 5 to 10 minutes for the new address to be resolved.

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

3. You should now see the entry along with the rest of your domain’s records. That should take care of the external DNS side of things.

Click Image to Enlarge

 

 

 

 

 

 

4. Now log into your SonicWALL and browse to Network -> Address Objects. Here we will create two new address objects. “Username_Computer Private”, and “Username_Computer Public”. Click on the Add… button.

— For Username_Computer Private use:

Name: Username_Computer Private

Zone Assignment: LAN

Type: Host

IP Address: (Internal IP Address 192.168…..)

— Click the Add… button again for Username_Computer Public:

Name: Username_Computer Private

Zone Assignment: WAN

Type: Host

IP Address: (External IP address you created in your Domain’s registrar)

5. Now that the Address Objects have been created, we can move on to Services. On the sonicwall, browse to Network -> Services.

Click on Add Group. In the Name field, type in “Username Computer Services”. Then find Terminal Services in the list on the left side of the screen, and add it to the right-hand pane and click OK. That’s it for this part.

6. Now we are going to add NAT policies for our Network. Browse to Network -> NAT Policies.

First we are going to want to add a Loopback policy which should look like the following:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Be sure to add a comment “Loopback for Username_Computer”

Next, we’ll add Private to Public Translation which will look like the following. Make sure your Outbound interface is your WAN interface, typically X1:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Next we’re going to do Public to Private Translation:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

7. Lastly, we’re going to configure the firewall to allow traffic. Go to Firewall – Access Rules -> WAN to LAN which should have the following settings:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Action: Allow

From Zone: WAN

To Zone: LAN

Services: Username_Computer Services

Source: ANY

Destination: Username_Computer Public

Users allowed: All

Schedule: Always On

 

That should do it! You can now test by trying to RDP from any computer using the friendly subdomain name you setup with your domain’s registrar. If you are prompted for a username and password, your subdomain name and firewall are configured correctly.

Perhaps you may want to email your users the following instructions to assist them in connecting to their PC at work:

Greetings, you now have the ability to access your work PC from home. Before you try connecting for the first time, make sure you have the following:
1. A stable DSL, Cable, WiFi, Satellite, or 3G/4G internet connection (no dial-up).
2. A PC running at least: Windows XP with Service Pack 2 or Service Pack 3, Windows Vista, or Windows 7. To find the RDP client on a Windows PC, go to the Start button, then Programs, Accessories, Remote Desktop Connection.
3. A Mac with at least OSX and a Terminal Services (RDP) client. There are some free RDP clients like CoRD, or TSclientX that you can download and install on your Mac.
4. Up-to-date Anti-Virus protection.
If you’re going to access your work PC from your home PC, you will need to start up an RDP client on your home PC. Type in the friendly name for the PC at work for the “computer” name (give the user their friendly name somewhere in the email). For example, Scott would start an RDP session at home and use “Scott.DomainName.com” (without quotes) as the name of the computer he’s connecting into. When you’re prompted for your username and password, put in the domain name followed by a backslash and your username. In Scott’s case, the username is: DomainNameScottH. Then type in your password and click the Connect button. You may be prompted to login again. Simply login again using the same credentials you would normally use, as if you are sitting in front of your PC at work.
In our experience, there are some things to look out for when using Terminal Services:
1. You should only print to the printers connected to your PC at work. Trying to print to your printer at home may or may not work, and trying to do so may cause your session to hang or disconnect. If you have to print to your printer at home, you may want to email yourself the file. Also, trying to transfer files to and from your Home PC or Mac with your Work PC is slow and cumbersome. It’s best to leave work files on your PC at work.
2. Your session should stay active for long periods of time. If you are consistently losing your connection, you may need to speak to your ISP to see if there are interruptions in your service.
3. You can only RDP into your PC at work if it is powered up. PC’s at work that are set to sleep, hibernate, or shut down after a period of inactivity may not be accessible. If you plan on using your work PC from home, make sure it’s powered up and not set to automatically shutdown/sleep/hibernate.
“The Management”

 

 

Tags: firewallNATRDPSonicWALLterminal servicestranslationtz210
coltrinit: