remote desktop connection

I deinstalled the comodo firewall and installed the CIS (only the firewall and the maximum defense+ option).
Now, when I want to do a remote desktop connection to two machines A and B, I cannot connect to them. Even a ping to those machines fails. Both machines run win xp with the latest updates. The machine from which I start the remote desktop connection also has win xp with all the latest updates.

Machine A (has CF v3.0) I have connected to several times in the last few months using the remote desktop connection without any problem. Now with CIS v3.5 on the machine from which I start the remote desktop connection, this seems impossible.
The other machine B, which I am still configuring for placement in a remote location, has exactly the same problem. Also running win xp but this one has CIS (only firewall and maximum defense+ option).
Does anyone have any idea? Many thanks for all info.

Do you have any blocked entries in your Firewall log?
Have you tried to switch to training mode for the time you connect via RDP (several minutes to make sure all handshakes are done)?

Hi dchernyakow,

Many thanks for that post and the reminder to look at the firewall events log. I have to configure the CFP only rarely and so forget what to look at and where in the product. Anyway now notes have been taken for the future.

To document it for others (including the obvious), here is all that I did from the start:

Ensure that remote desktop connection has been enabled.

Right click on “My computer”
Select Tab “remote”
Select “remote desktop”

Comodo Firewall on remote computer:

In the firewall section – in the left column, select “advanced” – network security policy – global rules

You have to allow TCP port 3389 IN thru the firewall. The firewall log should show that port as being blocked when you try to remote in.

The rule would look like this:
ALLOW - check the checkbox if you want to log
TCP
IN
Source IP: the IP of the PC you are connecting from
Destination IP: Any (or the IP address of the computer being connected to here)
Source port: ANY
Destination port: 3389

Now move this rule to the top, so that this rule is executed first.

In the firewall section– in the left column, select “advanced” - network security policy – application rules

Find the entry for svchost.exe

And change the part:

Block and log IP in …….

Add the exception for the IP address of the source computer

And I set the network defense (under summary) to “training mode” on source and destination computer while I did my first rdp connections. Once it worked, I set it all back to safe mode.

This is valid for the source computer with CIS (firewall only installed) and the destination computer with CIS (firewall only installed). The one computer that is already at a remote destination and still has the old CFP v3, will be tested as soon as I find time to go there.

That did the trick for me. Not being a network and security specialist, I would like to know if this config does not pose any special risks?
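
The rule and its ordering from the post above, modelled as an added example (not part of the thread and not Comodo's code): a simplified first-match filter showing why the allow rule has to sit above a blocking rule, and how the Source IP restriction limits who can reach port 3389. The first-match model, the block-all rule and the addresses are assumptions constructed for illustration.

```python
# Added illustration: a simplified first-match packet filter, NOT Comodo's engine.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str       # "ALLOW" or "BLOCK"
    proto: str        # "TCP", "UDP" or "ANY"
    direction: str    # "IN" or "OUT"
    src: str          # CIDR string, or "ANY"
    dst_port: object  # int, or "ANY"

    def matches(self, proto, direction, src_ip, dst_port):
        return (self.proto in ("ANY", proto)
                and self.direction == direction
                and (self.src == "ANY" or ip_address(src_ip) in ip_network(self.src))
                and self.dst_port in ("ANY", dst_port))

def evaluate(rules, proto, direction, src_ip, dst_port, default="BLOCK"):
    """Return the action of the first matching rule (top-down), else the default."""
    for rule in rules:
        if rule.matches(proto, direction, src_ip, dst_port):
            return rule.action
    return default

# Constructed sample values (documentation address ranges, not from the thread).
ADMIN_PC = "192.0.2.10"     # the PC you are connecting from
OTHER_HOST = "198.51.100.7"  # any other machine

rdp_from_admin = Rule("ALLOW", "TCP", "IN", ADMIN_PC + "/32", 3389)  # rule as posted
rdp_from_any = Rule("ALLOW", "TCP", "IN", "ANY", 3389)               # looser variant
block_all_in = Rule("BLOCK", "ANY", "IN", "ANY", "ANY")              # assumed existing rule

def rdp_verdicts(rules):
    """Verdicts for an inbound RDP attempt from the admin PC and from another host."""
    return tuple(evaluate(rules, "TCP", "IN", ip, 3389) for ip in (ADMIN_PC, OTHER_HOST))

if __name__ == "__main__":
    print("allow rule below block-all:", rdp_verdicts([block_all_in, rdp_from_admin]))
    print("allow rule on top         :", rdp_verdicts([rdp_from_admin, block_all_in]))
    print("source Any on top         :", rdp_verdicts([rdp_from_any, block_all_in]))
```

With the source restricted to one address, only that machine gets through on 3389; with Source IP set to Any, every host that can reach the computer does.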