Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

access by IP-addresses

May 24 06 2:50 am

WinGate 6.1.2 (build 1094)
If we are having access from outside to a PC in the office through remote desktop connection (a certain port is opened), can that access be limited to certain (outside) IP-addresses only and how should we do it?
Thank you!

Re: access by IP-addresses

May 24 06 10:24 pm

bigkush wrote:
WinGate 6.1.2 (build 1094)
If we are having access from outside to a PC in the office through remote desktop connection (a certain port is opened), can that access be limited to certain (outside) IP-addresses only and how should we do it?
Thank you!


Hi Sergiy,

Try this post here for a method using a non-standard port of your choice which is safer yet redirected to the client by WinGate's ENS in a port forward.

restricting access to specific static IPs

Jun 14 06 12:56 am

We already have a redirect from a non-standard port to our local computer through TCP Mapping Service. What we need to know is how to allow access from specific outside IP-addresses ONLY. So, for example, I can connect to my local computer inside the office (behind WinGate) via remote desktop connection from a PC outside the office (via internet) that has a specific static IP-address and only from that IP-address, so I can be sure no one can use remote desktop connection to my computer as a security "hole".

Thank you!

Re: restricting access to specific static IPs

Jun 14 06 11:53 am

bigkush wrote:
We already have a redirect from a non-standard port to our local computer through TCP Mapping Service. What we need to know is how to allow access from specific outside IP-addresses ONLY. So, for example, I can connect to my local computer inside the office (behind WinGate) via remote desktop connection from a PC outside the office (via internet) that has a specific static IP-address and only from that IP-address, so I can be sure no one can use remote desktop connection to my computer as a security "hole".

Thank you!


Ah, source routing, cannot be done with this version of WinGate.

Jun 15 06 1:35 am

Instead of using the IP address to verify who you are, what about remotely authenticating with WG using the QbikAuth tool then setting up a policy with this TCP mapping service that only allows you as the user and you must be authenticated? This method does mean binding the Remote Control service to your external NIC.

Jun 15 06 8:45 am

Chris has got the right idea there. You could extend that to use policies to restrict the IP addresses allowed to connect to that TCP mapping Service.

However, have you considered using the VPN to establish a network link between your home / office networks? Then you authenticate the VPN link, it's encrypted and you can access machines as if you were on the local network.

I do that from home when I need to make quick changes, etc.

not assumed users are 'Administrators'!

Aug 23 06 9:17 pm

I am using assumed users.
I have 'User must be assumed' in System Policy. In assumed users every user is assumed by IP-address (we have a network with static local IP-addresses only). But recently I found out that if somebody tries to get to the Internet from a local PC with an IP-address that is not stated in assumed users, this computer does get access with no problem and it becomes assumed Administrator.
How can I fix that?

Now every computer with a proxy configured in the browser settings has unlimited access to the Internet!

Aug 24 06 7:25 pm

This post may help with the port restriction:

http://forums.qbik.com/viewtopic.php?t= ... hlight=vnc


Regarding your assumed user problem: Do you have any wild cards in the assumption for the Administrator?

Re: access by IP-addresses

Aug 25 06 4:48 pm

bigkush wrote:
WinGate 6.1.2 (build 1094)
If we are having access from outside to a PC in the office through remote desktop connection (a certain port is opened), can that access be limited to certain (outside) IP-addresses only and how should we do it?
Thank you!


You can enable RRAS as a router only (no NAT) and set up inbound packet filtering with TCP 3389 open only from your IP address to the external NIC.

Q254018 - How to Configure Input Filters for Services That Run Behind Network Address Translation:
http://support.microsoft.com/default.as ... us;Q254018