DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Firewall rule to allow multiple IPs for RDP
27 Feb 2013 14:18 #75375
by vindex
Firewall rule to allow multiple IPs for RDP was created by vindex
Hi,
I have a DrayTek 2830 (FW 3.3.6.1db_232201), I'm trying to set up an allow rule on the firewall for 5 IPs (soon to be more) that need to access a terminal server on the network.
First I have opened the port
NAT - Open Ports
Index - 1 / Enable - Ticked / Comment - RDP / WAN Interface - WAN1 / Local Computer - TS IP / Protocol - TCP / Start Port 3389 / End Port - 3389
Then created the IP Objects for each of the external IPs
Object Setting - IP Object
Index - 1 / Name - Site1 / Interface - ANY / Address Type - Single / Start Address - Public IP of Site1 / Invert Selection - Ticked
Then created an IP Group to bundle all the IPs together
Object Setting - IP Group
Index - 1 / Name - RDP_GROUP / Interface - WAN / Moved all the sites to Selected IP Objects
Then create the Firewall rule
Firewall - General Setup
Ticked Call Filter - Enabled / Start Filter Set - Set#1 / Ticked Data Filter - Enabled / Start Filter Set - Set#2
Ticked Accept large incoming .....
Ticked Enable Strict Security Firewall
Filter Setup - Default Data Filter
Filter Rule 2 - Enabled / Comments - rdp_allow / Direction - WAN -> LAN/RT/VPN / Source IP - RDP_GROUP / Destination IP - TS IP / Service Type: TCP, Port: From any to 3389 / Fragments - Don't Care / Block Immediately
I can't seem to get it to work, it just blocks everything.
I've tried setting up the filter without using groups and putting in a single site IP address, for the source, and ticking invert selection and it works fine...
Could someone enlighten me to the correct procedure?
Thanks
01 Mar 2013 11:19 #75396
by sicon
Replied by sicon on topic Re: Firewall rule to allow multiple IPs for RDP
With the open port, it will allow ANY address to connect in on the port.
You need to create a Rule in the data filter, Source ANY, Destination ANY, Service RDP, to "BLOCK if no further match".
Then under that rule create another rule with the Source of your allowed IPs and the service of RDP to Pass.
It will then work.
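The rule ordering described in the reply above, modelled as an added example (not part of the original posts and not DrayTek code). It assumes a simplified evaluation model in which rules are checked in order, an "immediately" action ends evaluation, and unmatched traffic passes by default; the addresses and the rule name `rdp_block_all` are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

PASS_NOW = "pass"
BLOCK_NOW = "block"
BLOCK_IF_NO_FURTHER_MATCH = "block-if-no-further-match"
RDP_PORT = 3389

# Constructed sample addresses (RFC 5737 documentation ranges) standing in for
# the public IPs of the allowed sites in RDP_GROUP.
RDP_GROUP = ["198.51.100.7", "203.0.113.20"]

@dataclass
class Rule:
    comment: str
    sources: list   # empty list means "Any"
    port: int
    action: str

    def matches(self, src, dport):
        if dport != self.port:
            return False
        if not self.sources:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(s) for s in self.sources)

def evaluate(rules, src, dport, default=PASS_NOW):
    """Return 'pass' or 'block' for one inbound connection attempt."""
    verdict = default                # assumed default when no rule matches
    for rule in rules:
        if not rule.matches(src, dport):
            continue
        if rule.action == BLOCK_IF_NO_FURTHER_MATCH:
            verdict = BLOCK_NOW      # provisional: a later rule may still pass it
        else:
            return rule.action       # "immediately" actions end evaluation
    return verdict

def ruleset(first_action):
    """Catch-all RDP rule first, then the allow rule for RDP_GROUP under it."""
    return [
        Rule("rdp_block_all", [], RDP_PORT, first_action),   # hypothetical name
        Rule("rdp_allow", RDP_GROUP, RDP_PORT, PASS_NOW),
    ]

def audit(rules, sources):
    """Map each probe source address to the verdict for an RDP connection."""
    return {src: evaluate(rules, src, RDP_PORT) for src in sources}
```

Calling `audit(ruleset(BLOCK_IF_NO_FURTHER_MATCH), RDP_GROUP + ["192.0.2.99"])` passes only the grouped sites, while `ruleset(BLOCK_NOW)` blocks the allowed sites as well because evaluation stops at the first rule.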