SEC 350 Lab 9.1 * RDP over SSH * - DefiantCoder/Tech-Journals GitHub Wiki

Prereqs

  • Target has RDP enabled
  • Firewall rules allow RDP traffic

FW Changes

  • The following changes are made on edge01 and fw-mgmt to allow RDP connections to mgmt02.

edge01 config

set firewall name DMZ-to-LAN rule 20 action accept
set firewall name DMZ-to-LAN rule 20 destination port 3389
set firewall name DMZ-to-LAN rule 20 protocol tcp_udp
set firewall name DMZ-to-LAN rule 20 source address 172.16.50.4
set firewall name DMZ-to-LAN rule 20 destination address 172.16.200.11
set firewall name DMZ-to-LAN rule 20 description "RDP from traveler (DMZ) to LAN, for mgmt02"

fw-mgmt config

set firewall name LAN-to-MGMT rule 30 action accept
set firewall name LAN-to-MGMT rule 30 description "RDP from traveler (DMZ) to mgmt02"
set firewall name LAN-to-MGMT rule 30 destination port 3389
set firewall name LAN-to-MGMT rule 30 destination address 172.16.200.11
set firewall name LAN-to-MGMT rule 30 source address 172.16.50.4
set firewall name LAN-to-MGMT rule 30 protocol tcp_udp
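
An added check, not part of the original lab notes: it parses the two rules above and confirms that every accept rule for port 3389 is pinned to a single source host and a single destination host. It also flags `tcp_udp`, on the assumption that these rules exist only to serve the `ssh -L` forward this lab uses, which opens TCP connections only; the function names are illustrative.

```python
import ipaddress
import shlex
from collections import defaultdict

# The edge01 and fw-mgmt rules from this page, copied verbatim.
PAGE_CONFIG = '''
set firewall name DMZ-to-LAN rule 20 action accept
set firewall name DMZ-to-LAN rule 20 destination port 3389
set firewall name DMZ-to-LAN rule 20 protocol tcp_udp
set firewall name DMZ-to-LAN rule 20 source address 172.16.50.4
set firewall name DMZ-to-LAN rule 20 destination address 172.16.200.11
set firewall name DMZ-to-LAN rule 20 description "RDP from traveler (DMZ) to LAN, for mgmt02"
set firewall name LAN-to-MGMT rule 30 action accept
set firewall name LAN-to-MGMT rule 30 description "RDP from traveler (DMZ) to mgmt02"
set firewall name LAN-to-MGMT rule 30 destination port 3389
set firewall name LAN-to-MGMT rule 30 destination address 172.16.200.11
set firewall name LAN-to-MGMT rule 30 source address 172.16.50.4
set firewall name LAN-to-MGMT rule 30 protocol tcp_udp
'''

def parse_rules(text):
    """Group 'set firewall name <ruleset> rule <n> <key...> <value>' lines by rule."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        tok = shlex.split(line)  # keeps the quoted description as one token
        if len(tok) >= 8 and tok[:3] == ["set", "firewall", "name"] and tok[4] == "rule":
            rules[(tok[3], int(tok[5]))][" ".join(tok[6:-1])] = tok[-1]
    return rules

def is_single_host(value):
    """True for one IP address (bare or /32), False for subnets, ranges or a missing value."""
    try:
        return ipaddress.ip_network(value, strict=False).num_addresses == 1
    except ValueError:
        return False

def audit(rules, port="3389"):
    """Return (ruleset, rule number, finding) for accept rules on `port` that are wider than needed."""
    findings = []
    for (ruleset, num), r in sorted(rules.items()):
        if r.get("action") != "accept" or r.get("destination port") != port:
            continue
        for side in ("source address", "destination address"):
            if not is_single_host(r.get(side, "")):
                findings.append((ruleset, num, f"{side} is not pinned to one host"))
        if r.get("protocol") != "tcp":  # an ssh -L forward only opens TCP connections
            findings.append((ruleset, num, f"protocol {r.get('protocol')} is wider than tcp"))
    return findings

for finding in audit(parse_rules(PAGE_CONFIG)):
    print(finding)
```

Both rules pass the single-host checks; the only findings are the `tcp_udp` protocol setting on each rule.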

RDP Access Over SSH

ssh -N -L 3390:172.16.200.11:3389 [email protected]

ssh tunneling notes