ClioSport.net


how do you guys RDC many machines on a FW?



  Rav4
have a sonic firewall and have 10 users who need to RDC to their machines.

How would you go about it ?
 
  A3 1.8T
Log in to the SonicWall (normally the default gateway - cmd -> ipconfig). Once logged in, there should be a menu on the side which has VPN on it. I think that you have to set it up there.

Although I'm only a trainee so not 100% sure
 
The only way to do it to individual machines is to get each person to VPN in first (PPTP probably), then RDP to their internal IP/computer name.
Unless you have 10 spare public IPs lying around you can assign PCs to? (but this is a major waste of IP space, and obviously you're opening up probably XP machines on RDP to the world)
 
  Rav4
the way it's set up at the moment is the FW forwards the port to the internal IP of each machine.....

i.e xxx.xxx.xxx.xxx:3889 > 192.168.0.100
xxx.xxx.xxx.xxx:3890 > 192.168.0.101

however, this is not tidy, opens 10 ports up = less safe.

I have 15 IPs, 13 spare, but don't want to go down that route.

using the ports like this, means that each machine's registry has been hacked, to change the listening port.

Terminal services lol, not for these guys.

VPN , thought about it, but not done that before......

I have 81 users, 10 in one department don't use Citrix..... so they use their own server, otherwise this would be easy.

:)

Sirius is what everyone else uses. (citrix over HTTPS basically)
 
  1.4 Clio Alize, Volvo S40
you can set up a port forward to the machines with 1 external address and then rdp to it like this 82.33.32.103:3390 where you've forwarded port requests for 3390 from outside to a specific machine. You do have to modify the windows firewall on each machine though so you open up that port for rdp using 'internal & external' ports on the windows firewall, the external one is the one you chose (in this case 3390) but the internal one is 3389 as that's the port that the machine is looking for rdp requests on
 
the way it's set up at the moment is the FW forwards the port to the internal IP of each machine.....

i.e xxx.xxx.xxx.xxx:3889 > 192.168.0.100
xxx.xxx.xxx.xxx:3890 > 192.168.0.101

however, this is not tidy, opens 10 ports up = less safe.

I have 15 IPs, 13 spare, but don't want to go down that route.

using the ports like this, means that each machine's registry has been hacked, to change the listening port.

Terminal services lol, not for these guys.

VPN , thought about it, but not done that before......

I have 81 users, 10 in one department don't use Citrix..... so they use their own server, otherwise this would be easy.

:)

Sirius is what everyone else uses. (citrix over HTTPS basically)

Majorly dirty, as you have to manually edit the registry on the PCs for RDP to listen on a different port etc..

VPN is the only sensible way.
 
  A3 1.8T
If they can connect to the server then could use RealVNC to connect to the individual PCs?

Only suggestion, sorry if not much help!
 
  Fiesta ST
[Image: 1923821592_81adbde7be_b.png]
 
  Rav4
yer it's handy :)

however, the system is all messed up and so untidy.

what they want is to have dumb terminals implemented throughout the group, well, that's what the IT manager wanted before he left.

One office uses a workgroup, no server, no AD nothing.

The other office uses windows 2003 with exchange, AD used throughout all the users but exchange only used for 10 users.

all other users use hosted exchange with published apps through hosted citrix.....

So messy :(
 
  Revels Mum & Sister
LOL what a mess I feel for you. I would suggest getting them all on the domain, if nothing for security alone.

VPN would be the way forward like Daz said.

SBS does have its place in small companies. We use it for several of our clients, the built in VPN SBS Connector is pretty easy to set up and use. Obviously this might not be an option.
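
Added example, not part of any post in this thread: the setup described above changes each PC's RDP listening port in the registry so the firewall can forward one external port per machine. This PowerShell audit, run on each PC before moving users to VPN, reports the configured RDP port, whether it is non-default, and which inbound firewall rules leave it reachable from any address. It assumes Windows 8 / Server 2012 or later (for the `Get-Net*` cmdlets), and the `$VpnSubnet` value is a constructed placeholder.

```powershell
# Added example: audit one PC's RDP exposure before switching to VPN-only access.
# $VpnSubnet is a constructed placeholder; use the range your VPN hands out.
param([string]$VpnSubnet = '10.99.0.0/24')

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp    = Get-ItemProperty -Path $rdpKey

# PortNumber is the value that gets edited when RDP is moved off its default of 3389.
$port = [int]$rdp.PortNumber
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = ($rdp.UserAuthentication -eq 1)

# Is anything actually listening on the configured port?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound allow rules that name the RDP port, and who may reach them.
# Port ranges (e.g. 3380-3400) are not expanded here; only exact matches are reported.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule = $_
        $pf   = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains "$port") {
            $af = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                RemoteAddress = $af.RemoteAddress -join ','
                OpenToAny     = ($af.RemoteAddress -contains 'Any')
            }
        }
    }

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    RdpPort       = $port
    NonDefault    = ($port -ne 3389)
    NlaRequired   = $nla
    Listening     = $listening
    FirewallRules = $rules
}

# Once the VPN is in place, a rule flagged OpenToAny can be limited to VPN clients:
# Set-NetFirewallRule -DisplayName '<rule name>' -RemoteAddress $VpnSubnet
```

Machines reporting `NonDefault = True` are the ones whose registry was changed for the per-port forwards; once the forwards are removed from the firewall they can go back to 3389.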
 

