[KB7938] Create or edit a firewall rule to allow RDP connections in ESET PROTECT (8.x – 9.x)

Issue

  • You are unable to connect to workstations via Remote Desktop Protocol (RDP) with the ESET Endpoint Security firewall enabled

Details

Security Recommendations

  • Allow RDP connections only over the local area network. The recommended approach is to have employees connect to the network over VPN first, then establish the RDP connection.
  • Harden RDP access by adding multi-factor authentication to RDP (ESET Secure Authentication can accomplish this).
  • Harden RDP access by limiting RDP login attempts via Group Policy Object (GPO).

Solution

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  1. Open the ESET PROTECT Web Console in your web browser and log in.
  2. Click Policies, select the desired Built-in policy and then select the policy that you want to modify.
  3. Click Actions > Edit.

Figure 1-1

  4. To apply a rule, click Settings > Network Protection > Firewall > Advanced and then click Edit next to Rules.

Figure 1-2

  5. Click Add.

Editing and removing rules
  • To edit a rule: Select the rule you want to modify and click Edit.
  • To remove a rule: Select the rule you want to remove and click Remove.

Figure 1-3

  6. In the General tab, set the following parameters to allow inbound TCP traffic:
    • Direction = In
    • Action = Allow
    • Protocol = TCP

Figure 1-4

  7. Click Local. By default, RDP listens on port 3389. If the RDP port has been changed and you need to allow connections over that specific port, type in that port instead.
    • Port = 3389

Figure 1-5

  8. Click Remote. You can restrict connections to specific zones or IP addresses. If left blank, the rule allows RDP connections from all sources, including connections over the internet. This configuration is not recommended, as RDP exposed to the internet is a common vector for ransomware infections.
    • To allow connections from the trusted zone, add the following configuration: Zones = Trusted zone.
    • To allow connections from specific IP addresses, add the IP address or the range of IP addresses in the 'IP' field. Multiple entries must be delimited by a comma.

Figure 1-6

  9. When you are finished making changes to the rule parameters, click OK. Your new rule appears in the Firewall rules window. Click OK again to close the Firewall rules window.

Figure 1-7

  10. Click Assign > Assign.

Figure 1-8

  11. Select the check boxes next to each static or dynamic group you want this policy assigned to and click OK.

Figure 1-9

  12. Click Finish to save your policy. Your policy settings are applied to the target groups or client computers.

Figure 1-10


To see the policies that are assigned to each group, click Computers, click the gear icon next to the group, and then select Manage Policies from the drop-down menu.

For more information about policies, read Online Help.

Figure 1-11