DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Draytek 2860 - FW Policy issues, unable to auth

09 Jan 2018 16:31 #1 by apolloit
Hello All, and happy new year.

We've had an issue - which I brought to Draytek's attention in August 2017. Case ref #DQ646723

To date, we've had no fix, and are struggling to be understood. So I thought I'd try here. Giving up is not an option, but if anyone has an alternative - I'm all ears!!

The Background

We wish to hide RDP servers behind the firewall with policy rules. If you match the source IP, you're into RDP.

OR, for those on dynamic IPs - we have setup user-mode to authenticate them, which in turn opens up the (unticked) policy allowing RDP access in the filter ruleset.

This works like a charm on 2830s and 2860s (up to FW 3.8.2.3).

The issue

On later versions of the firmware on the 2860 - when logging in to the Draytek to authenticate the RDP policy, it doesn't work. You cannot see the RDP server.

All manner of workarounds have been tried, and big thanks to Anil and Manoj at SEG/Draytek UK for their recent efforts.

What we do know is - the user mode seems to work ok for LAN->WAN, but not WAN->LAN.

Draytek UK have (as of 09/01) informed me that the Taiwan engineers have (after 5 months) - delivered the rather crushing news that "the 2860 is not suitable for your needs".

Well it was - and I cannot just leave things as they are.

And furthermore - I have hundreds of Draytek 2860s which are stuck on old firmware as we are unable to get this issue resolved or a workaround given. Do they buy them back?

Alternatives?

Ultimately - we're happy to change the way we're configuring our kit. However, what we need to have is:

1. Web authentication
2. No SSL
3. No VPNs

It has been tried to put the units back into rule mode and then associate the policies to the user only - however this doesn't work.

--

So there we are. If anyone has any thoughts or guidance on this - I'd be very happy and grateful for your input. I've been with Draytek for 10-15 years, and must have purchased 100-150k worth of kit in that time. You'd think they'd be able to help with the one fault I've progressed. Wouldn't you?

Many thanks indeed.

Michael.
