• Hello,

    I'm looking for some help with setting up a firewall rule.

    I'm trying to harden my security, and am looking at configuring a rule that allows RDP access from my LAN to another internal IOT VLAN. I would basically like my IOT VLAN to not have access to any of the other VLANs on my home network. So, I'd like to be able to RDP from Computer 1 on my LAN to any virtual machine I have set up on my IOT VLAN. I would like the IOT VLAN accessible from any device/IP on my LAN network, via RDP. Once I am RDP'd in, I can do whatever I need to from that VM.

    I attempted to set up a rule (Firewall => Rules => IOT VLAN) that basically does the following:

    Protocol  Source  Port  Destination  Port  Gateway  Queue
    TCP       any     any   IOT VLAN     3389  any      none

    This does not seem to have done the trick, and I'm not really sure where to go from here.

    All the other topics I've found when searching point to people wanting to allow RDP access from an external source to their network, and I haven't been able to find anything that covers allowing RDP access across VLANs internally.

    Any help here would be appreciated, not sure if I'm just missing something simple, or if I need to add another rule somewhere else.

    Thanks for your time!

  • LAYER 8 Global Moderator

    Out of the box, the default any/any rules would allow you to access anything on any of your other VLANs, be it RDP, NTP, SSH, SMB, anything.

    The rules on your other VLAN are meaningless if your LAN is creating the traffic, since return traffic would be allowed by the state.

    If you cannot access your VLAN from the default LAN rules of any/any, then you have some firewall on your dest box, it doesn't have a gateway, or it points to a different gateway.
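    The two points the reply makes, that pfSense evaluates rules on the interface a packet enters and that an existing state passes reply traffic before any rule is consulted, are easy to see in a small model. The script below is an added example written for this page, not code from the forum or from pfSense; it assumes a LAN of 192.168.1.0/24 and an IOT VLAN of 192.168.20.0/24, and models pfSense GUI rules as first-match ("quick") per ingress interface with pf's default deny. It reproduces the poster's rule on the IOT tab and shows why that rule never sees LAN-originated RDP, why the VM's replies are passed by state rather than by any IOT rule, and why a new IOT-to-LAN connection is still blocked. It does not model a host firewall or a missing/wrong default gateway on the VM, which are the other causes the reply lists.

```python
"""Toy model of pfSense-style per-interface rule evaluation with state tracking.

Constructed example, not pfSense's or the forum's code. Assumptions: LAN is
192.168.1.0/24, the IOT VLAN is 192.168.20.0/24, rules are first-match on the
interface a packet enters (pfSense GUI rules are 'quick'), default deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN_NET = "192.168.1.0/24"    # assumed addressing
IOT_NET = "192.168.20.0/24"   # assumed addressing


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet ENTERS the firewall on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str                   # only packets entering on this interface are evaluated
    action: str                  # "pass" or "block"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None  # None means any port


def _net_match(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.in_iface
            and rule.proto in ("any", pkt.proto)
            and _net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.dport in (None, pkt.dport))


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # 5-tuples of flows that a pass rule created

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # An existing state is checked before any rule, in either direction.
        # This is why reply traffic needs no rule on the destination interface.
        if fwd in self.states or rev in self.states:
            return "pass:state"
        for r in self.rules:          # first match wins ('quick')
            if rule_matches(r, pkt):
                if r.action == "pass":
                    self.states.add(fwd)
                return f"{r.action}:rule"
        return "block:default"        # pf default deny


def build_firewall() -> StatefulFirewall:
    return StatefulFirewall([
        # pfSense's stock "Default allow LAN to any" rule on the LAN tab
        Rule(iface="LAN", action="pass"),
        # The poster's rule, placed on the IOT VLAN tab: it only ever sees
        # packets that ENTER on IOT, so LAN-originated RDP never reaches it.
        Rule(iface="IOT", action="pass", proto="tcp", dst=IOT_NET, dport=3389),
        # Isolation: IOT may not open new connections into the LAN.
        Rule(iface="IOT", action="block", dst=LAN_NET),
    ])


def run_scenario() -> dict:
    fw = build_firewall()
    pc, vm = "192.168.1.10", "192.168.20.50"   # constructed hosts
    results = {}
    # 1. LAN PC opens RDP to an IOT VM: enters on LAN, the LAN any/any rule passes it
    results["lan_to_iot_rdp"] = fw.filter(Packet("LAN", "tcp", pc, 51000, vm, 3389))
    # 2. The VM's SYN-ACK enters on IOT: no IOT rule passes it, the state does
    results["rdp_reply"] = fw.filter(Packet("IOT", "tcp", vm, 3389, pc, 51000))
    # 3. The VM tries SMB to the PC: a new flow, stopped by the IOT block rule
    results["iot_to_lan_smb"] = fw.filter(Packet("IOT", "tcp", vm, 40000, pc, 445))
    # 4. The misplaced rule is never even consulted for LAN-originated traffic
    results["misplaced_rule_hit"] = rule_matches(
        fw.rules[1], Packet("LAN", "tcp", pc, 51000, vm, 3389))
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:20} {verdict}")
```

    Running it prints `pass:rule` for the LAN-originated RDP, `pass:state` for the reply and `block:rule` for the VM-initiated SMB, with the IOT-tab rule never matching. The practical consequence is the one in the reply: with the stock LAN rule in place, RDP into the IOT VLAN should already work, and the rule that actually needs writing on the IOT tab is the block that keeps IOT from initiating into the LAN.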