Port Forwarding - ALLOWED REMOTE IP

Hameed
Here to help

Our supplier needs Remote Desktop access to the server, so I have enabled the port forwarding option in the firewall and it is working fine.

 

Now the question is: the ALLOWED REMOTE IP is ANY, which means anyone can reach our server. I want to give the supplier's IP address instead of ANY, so that only that particular supplier can access it, but that company does not have a static IP. In this case, what can we do to give access only to that supplier?

 

Please advise.

 

Thank you

jdsilva
Kind of a big deal

Hello @Hameed,

 

If you or your company require that access to RDP be restricted then you must require your supplier to have a static IP. It's either that, or you must change the ACL every time your supplier changes their IP.

 

However, I would encourage you to not open RDP to the Internet like this at all. You should consider deploying a Remote Desktop Connection Broker to properly manage RDP access into your network. This would be the proper place to control RDP access.

 

 

KRobert
Head in the Cloud

I would definitely stop allowing RDP from any and limit to your supplier's IP address at minimum. If your supplier only needs it at specific times, you can set a rule to deny RDP traffic from the supplier, then when the supplier needs access you can change the rule from deny to allow. This would control the window of time when RDP is actually accessible and can help with security on your side. If your supplier was ever compromised, and you have the rule open 24/7, that could open you up to a potential lateral attack. Manually allowing at specific times will at least block from that potential threat. A 3rd party software similar to LogMeIn or TeamViewer is probably best since they would need software authentication and typically use 443 to connect to your server.
CMNO, CCNA R+S
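
An added example, not part of any post in this thread and not Meraki code: a small audit that flags port-forwarding rules which leave RDP reachable from ANY or from an overly wide source range, including forwards that hide RDP behind a different public port. The rule field names, the sample rules (documentation IP ranges) and the /28 width threshold are assumptions made for illustration.

```python
import ipaddress

RDP_PORT = 3389
MAX_ADDRESSES = 16  # assumption: an allowed source wider than a /28 is "too broad"

# Constructed sample rules; field names are hypothetical, not a vendor schema.
RULES = [
    {"name": "supplier-rdp", "public_port": "3389", "local_port": "3389",
     "allowed_ips": ["any"]},
    {"name": "supplier-rdp-alt", "public_port": "50000", "local_port": "3389",
     "allowed_ips": ["198.51.100.0/24"]},
    {"name": "supplier-rdp-fixed", "public_port": "3389", "local_port": "3389",
     "allowed_ips": ["203.0.113.10"]},
    {"name": "web", "public_port": "443", "local_port": "443",
     "allowed_ips": ["any"]},
]

def port_in(spec, port):
    """True if a port spec such as "3389" or "3380-3400" covers the port."""
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing to report."""
    # Match on the LAN-side port: a forward to 3389 is RDP exposure even when
    # the public port has been moved somewhere less obvious.
    if not port_in(rule["local_port"], RDP_PORT):
        return []
    findings = []
    for src in rule["allowed_ips"]:
        if src.lower() == "any":
            findings.append("RDP reachable from any remote IP")
            continue
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses > MAX_ADDRESSES:
            findings.append(f"allowed source {net} covers {net.num_addresses} addresses")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules that have at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(RULES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
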

I agree with you. Keeping the connection open is highly risky, and I decided to go for TeamViewer. Thank you very much for your advice.

Thank you very much for your advice. I need to learn how to implement Remote Desktop Connection Broker. I will go through it and will give it a try. Thank you again.