[KB7471] Create or edit a firewall rule to allow RDP connections in ESET Security Management Center 7.x

Issue

  • You are unable to connect to workstations with the ESET Endpoint Security firewall enabled

Solution

ESET Security Management Center (ESMC) 7 User Permissions

This article assumes that your ESMC user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

View permissions needed for least privilege user access

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write
Policies

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Once these permissions are in place, follow the steps below.

  1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.

  2. Click Policies, select the policy that you want to edit and then click Policies → Edit.
Figure 1-1
  3. To apply a rule, click Settings → Network Protection → Firewall → Advanced and click Edit next to Rules.
Figure 1-2
  4. Click Add and set the parameters for your rule in the General, Local, and Remote tabs.

Editing and removing rules

To edit a rule: Select the rule you want to modify and click Edit.
To remove a rule: Select the rule you want to remove and click Remove.

Figure 1-3
  5. General tab: To allow inbound TCP traffic, set the following parameters:

    • Direction = In
    • Action = Allow
    • Protocol = TCP
Figure 1-4
  6. Local tab: By default, RDP connects on port 3389. If the RDP port has been changed and you need to allow connections over a specific port, type in that port.
    • Port = 3389

Figure 1-5
  7. Remote tab: Allows you to restrict connections from specific zones or IP addresses. If left blank, the rule will allow RDP connections from all sources, including connections over the internet. This configuration is not recommended, as RDP attacks are a common vector for ransomware infections.

      • To allow connections from the trusted zone, add the following configuration: Zones = Trusted zone.
      • To allow connections from a specific IP: Add the IP address or the range of IP addresses in the 'IP' field. Multiple entries must be delimited by a comma.
Figure 1-6
  8. When you are finished making changes to rule parameters, click OK. Your new rule will appear in the Firewall rules window. Click OK again to close the Firewall rules window.
Figure 1-7
  9. Click Assign → Assign.
Figure 1-8
  10. Select the check box(es) next to each static or dynamic group you want this policy assigned to and click OK.
Figure 1-9
  11. Click Finish to save your policy. Your policy settings will be applied to the target groups or client computers.

    To see the policies that are assigned to each group, click Computers, click the gear icon next to the group, and then select Manage Policies from the drop-down menu.

    For more information about policies, read Online Help.
Figure 1-10
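The following is an added illustration, not part of the ESET article or product: a small Python model of the rule built above (inbound TCP to the local RDP port, optionally restricted by the comma-delimited Remote IP list) that makes the blank-Remote-tab warning concrete by checking which source addresses a given rule would admit. The accepted address formats (single IP, CIDR, 'first-last' range), the matching logic and the sample addresses are assumptions for this example; zones are not modelled.

```python
"""Model of the RDP Allow rule from this article: inbound TCP to the local
RDP port, optionally restricted by a comma-delimited remote IP list.
Address formats and matching semantics are assumptions for illustration."""
import ipaddress
from dataclasses import dataclass, field


def parse_remote_ips(text):
    """Parse the Remote tab 'IP' field: comma-delimited IPs, CIDRs or a-b ranges."""
    nets = []
    for item in (s.strip() for s in text.split(",")):
        if not item:
            continue
        if "-" in item:  # assumed 'first-last' range syntax
            first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:  # single address or CIDR network
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


@dataclass
class RdpRule:
    local_port: int = 3389  # Local tab: change if RDP listens on another port
    remote_nets: list = field(default_factory=list)  # Remote tab: empty = any source

    def allows(self, src_ip, dst_port, protocol="TCP"):
        """True if an inbound connection matches this Allow rule."""
        if protocol != "TCP" or dst_port != self.local_port:
            return False
        if not self.remote_nets:  # blank Remote tab: every source, internet included
            return True
        ip = ipaddress.ip_address(src_ip)
        return any(ip in n for n in self.remote_nets)


def exposed_to_internet(rule):
    """Flag the configuration the article warns against: a public source matches."""
    # Constructed sample: a TEST-NET-3 address stands in for an internet host.
    return rule.allows("203.0.113.7", rule.local_port)
```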

Security Recommendations

  • Allow RDP connections only over the local area network. The recommended approach is to have employees connect to the network over VPN first, before establishing the RDP connection.
  • Harden RDP access by adding multi-factor authentication to RDP (ESET Secure Authentication can accomplish this).
  • Harden RDP access by limiting RDP login attempts via GPO.