iT邦幫忙

0

Sonicwall question

A question for everyone: my company is using a Sonicwall NSA-2400.

X0 - Local LAN (192.168.0.X)

X1 - WiFi Network (192.168.10.X)

X2 - WAN

The problem is that WiFi users would like to Remote Desktop to their own computers on the X0 Local LAN. Is this technically possible? How do I set it up?

Thanks

1 answer

0
雷伊
iT邦 Expert Level 1 ‧ 2019-05-31 13:33:58

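Since I don't know how your static routes are configured, I'll give you the outside-to-inside method.
1. On the firewall, set up an outside-to-inside virtual server that forwards to the internal host you want to remote into
Public IP: the port you use => the host you want to remote into
2. If you don't want to use 3389 for the remote host, change a REG value: search for "PortNumber"=dword:00000D3D and change it in hexadecimal, for example: 3389=D3D
3. The port you use must be added to the local firewall on the remote host
4. In the RDP server field, enter xxx.xxx.xxx.xxx:the port you changed to

The REG contents to modify are as follows; after applying them, restart the system for the change to take effect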
.................................
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"AudioEnumeratorDll"="rdpendp.dll"
"Callback"=dword:00000000
"CallbackNumber"=""
"CdClass"=dword:00000000
"CdDLL"=""
"CdFlag"=dword:00000000
"CdName"=""
"CfgDll"="RDPCFGEX.DLL"
"ColorDepth"=dword:00000005
"Comment"=""
"Domain"=""
"DrawGdiplusSupportLevel"=dword:00000001
"fAllowSecProtocolNegotiation"=dword:00000001
"fAutoClientDrives"=dword:00000001
"fAutoClientLpts"=dword:00000001
"fDisableAudioCapture"=dword:00000000
"fDisableCam"=dword:00000000
"fDisableCcm"=dword:00000000
"fDisableCdm"=dword:00000000
"fDisableClip"=dword:00000000
"fDisableCpm"=dword:00000000
"fDisableEncryption"=dword:00000001
"fDisableExe"=dword:00000000
"fDisableLPT"=dword:00000000
"fEnableWinStation"=dword:00000001
"fForceClientLptDef"=dword:00000001
"fHomeDirectoryMapRoot"=dword:00000000
"fInheritAutoClient"=dword:00000001
"fInheritAutoLogon"=dword:00000001
"fInheritCallback"=dword:00000000
"fInheritCallbackNumber"=dword:00000001
"fInheritColorDepth"=dword:00000000
"fInheritInitialProgram"=dword:00000001
"fInheritMaxDisconnectionTime"=dword:00000001
"fInheritMaxIdleTime"=dword:00000001
"fInheritMaxSessionTime"=dword:00000001
"fInheritReconnectSame"=dword:00000001
"fInheritResetBroken"=dword:00000001
"fInheritSecurity"=dword:00000000
"fInheritShadow"=dword:00000001
"fLogonDisabled"=dword:00000000
"fPromptForPassword"=dword:00000000
"fReconnectSame"=dword:00000000
"fResetBroken"=dword:00000000
"fUseDefaultGina"=dword:00000000
"InitialProgram"=""
"InputBufferLength"=dword:00000800
"InteractiveDelay"=dword:00000032
"KeepAliveTimeout"=dword:00000000
"KeyboardLayout"=dword:00000000
"LanAdapter"=dword:00000000
"LoadableProtocol_Object"="{5828227c-20cf-4408-b73f-73ab70b8849f}"
"MaxConnectionTime"=dword:00000000
"MaxDisconnectionTime"=dword:00000000
"MaxIdleTime"=dword:00000000
"MaxInstanceCount"=dword:ffffffff
"MinEncryptionLevel"=dword:00000002
"NWLogonServer"=""
"OutBufCount"=dword:00000006
"OutBufDelay"=dword:00000064
"OutBufLength"=dword:00000212
"Password"=""
"PdClass"=dword:00000002
"PdClass1"=dword:0000000b
"PdDLL"="tdtcp"
"PdDLL1"="tssecsrv"
"PdFlag"=dword:0000004e
"PdFlag1"=dword:00000000
"PdName"="tcp"
"PdName1"="tssecsrv"
"PortNumber"=dword:00000D3D
"SecurityLayer"=dword:00000000
"SelectNetworkDetect"=dword:00000001
"SelectTransport"=dword:00000002
"Shadow"=dword:00000001
"UserAuthentication"=dword:00000000
"Username"=""
"WdFlag"=dword:00000036
"WdName"="Microsoft RDP 8.0"
"WdPrefix"="RDP"
"WFProfilePath"=""
"WorkDirectory"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
"ehshell.exe"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\VideoRemotingWindowNames]
"AGFullScreenWinClass"=""
"EVRVideoHandler"="*"
"MacromediaFlashPlayerActiveX"=""
"MicrosoftSilverlight"="*"
"ShockwaveFlashFullScreen"="*"
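
As an added example (not part of the original answer, and not SonicWall or Microsoft code): importing a full export like the one above sets every value it lists, not only PortNumber, so it is worth checking what else the file changes before applying it. The Python sketch below parses such a .reg export, reports the port in decimal and flags two RDP-Tcp values that weaken authentication and transport security. SAMPLE_REG is a constructed excerpt using values from the export above, and the function names are hypothetical.

```python
import re

RDP_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
           r"\Terminal Server\WinStations\RDP-Tcp")

# Constructed sample: four values copied from the export above.
SAMPLE_REG = "Windows Registry Editor Version 5.00\n\n[" + RDP_KEY + "]\n" + r'''
"PortNumber"=dword:00000D3D
"SecurityLayer"=dword:00000000
"UserAuthentication"=dword:00000000
"WdName"="Microsoft RDP 8.0"
'''.lstrip()

# value name -> {weak value: what it means}
WEAK = {
    "UserAuthentication": {0: "Network Level Authentication is not required"},
    "SecurityLayer": {0: "native RDP security layer, TLS is not used"},
}

def parse_reg(text):
    """Return {key_path: {name: int or str}}; malformed lines are skipped."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.groups()
        d = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
        if d:
            current[name] = int(d.group(1), 16)   # dword data is hexadecimal
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = raw[1:-1]
    return keys

def audit_rdp(text):
    """Return (port in decimal or None, list of findings) for the RDP-Tcp key."""
    values = parse_reg(text).get(RDP_KEY, {})
    findings = [f"{name}={values[name]}: {meanings[values[name]]}"
                for name, meanings in WEAK.items()
                if values.get(name) in meanings]
    return values.get("PortNumber"), findings

if __name__ == "__main__":
    port, findings = audit_rdp(SAMPLE_REG)
    print("RDP port:", port)
    for finding in findings:
        print("WARNING:", finding)
```

If the only goal is a different listening port, a .reg file containing just the key header and the PortNumber line leaves the host's existing security settings untouched.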

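chanhinyu iT邦 Newbie Level 5 ‧ 2019-05-31 14:20:25

Sorry to have wasted your post, but it is of no use to me at all, because I already know how to change the RD port. What I want to know is how to set up routing or some other setup on the firewall so that X1 users can access X0, rather than coming in from outside through NAT.

Thanks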

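雷伊 iT邦 Expert Level 1 ‧ 2019-06-03 13:43:25

The beginning of my post already stated that a "static route" has to be configured. Not every network administrator has worked with different firewalls, so fewer people are able to answer the question. The information you provided does not even include the firewall's LAN IP, and I don't know what kind of WiFi device is in use (1 WAN + 4 LAN, or 1 WAN). Roughly speaking, you should set a static route on the Sonicwall NSA-2400 pointing 192.168.10.0 to 192.168.0.254 (gateway) 255.255.255.0 (mask). Another way is to give up the WiFi device's WAN port and turn off DHCP, so that X0 goes directly into the WiFi device's LAN. My guess is that when you tracert from X1 to X0, it gets stuck at X1's gateway and goes no further.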
