TCP 0 vs 1-65535
Hi, I am trying to configure a connection to Remote Desktop from VPN clients using Windows connection security rules. What I want to do is only allow the very specific ports required, even if that requires opening a few ports and a range.
Usually I would just look at the Traffic Monitor, try the process and make a note of the ports/protocols I'm after. However, in this instance the only way I can make the connection work is by setting my rule to TCP 0 (i.e. all ports). If I set it to a range of 1-65535, it doesn't work. For example, one of the ports attempted on one connection was 49667. That's within the range, but it just lists it as unhandled external. If I change that same rule to TCP 0 instead, it works fine.
Is there a difference between TCP 0 and TCP 1-65535 in a rule?
Comments
For the record, what firewall model do you have and what XTM version is it running?
I would not expect a difference.
What tool are you using for this access which requires all ports open?
Hi Bruce,
M370, v12.5.1.
RDP over SSLVPN, with the server set to require computer/user authentication with Kerberos (set using connection security rules). So the ports required are to the DCs from the SSL client to do the authentication.
You can always change Windows server to not use dynamic RPC ports, which would make setting up the firewall policy easier.
Restricting Active Directory RPC traffic to a specific port
https://support.microsoft.com/en-us/help/224196/restricting-active-directory-rpc-traffic-to-a-specific-port
As to why the TCP port range of 1-65535 does not work for you, you would need to open a support incident.
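As an added example (not from any poster in this thread), the following PowerShell pins the NTDS and Netlogon RPC endpoints to fixed ports on a domain controller, per the registry values documented in the linked Microsoft article, so the firewall policy can reference two known ports instead of the dynamic RPC range. The port numbers are constructed placeholders; run it elevated on each DC and restart the DC (or the NTDS and Netlogon services) for the change to take effect.

```powershell
# Added example, not part of the original thread.
# Pins the AD RPC endpoints to fixed ports (KB 224196) so a firewall
# policy can allow just these ports rather than the whole dynamic range.
# Port values are constructed placeholders; choose free ports for your environment.
$NtdsPort     = 38901   # constructed: fixed port for NTDS (AD replication/RPC)
$NetlogonPort = 38902   # constructed: fixed port for the Netlogon RPC endpoint

$NtdsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Test-PortIsFree {
    # Returns $true when nothing on this host is already listening on the port.
    param([int]$Port)
    $inUse = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
             Where-Object { $_.LocalPort -eq $Port }
    return (-not $inUse)
}

foreach ($p in @($NtdsPort, $NetlogonPort)) {
    if (-not (Test-PortIsFree -Port $p)) {
        throw "Port $p is already in use on this host; pick another value."
    }
}

# Both values are REG_DWORD; -Force overwrites an existing value of the same name.
New-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' -PropertyType DWord `
                 -Value $NtdsPort -Force | Out-Null
New-ItemProperty -Path $NetlogonKey -Name 'DCTcpipPort' -PropertyType DWord `
                 -Value $NetlogonPort -Force | Out-Null

# Show the values now set, so the firewall rule can be written against them.
Get-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' | Select-Object 'TCP/IP Port'
Get-ItemProperty -Path $NetlogonKey -Name 'DCTcpipPort' | Select-Object DCTcpipPort
```

With these set, the DC-bound policy only needs the standard Kerberos/LDAP/RPC endpoint-mapper ports plus the two pinned ports, which also makes the Traffic Monitor output much easier to read when confirming what the VPN clients actually use.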