Remote Desktop - Allow only a specific computer or IP

Howdy All,

I have enabled RDP (public) from the settings menu and can RDP to my machine. This allows any machine at any IP address to be able to RDP into the machine.

Is there a way to configure the RDP to only allow a specific machine name or a specific IP or IP range to RDP to the machine? This seems to be a common question but I (and others on the web) have failed to find a solution.

Thank you for your help in advance.

Hey SA,

I hear you. In my humble opinion this should not have been so complex. The menus are there, they are fairly obvious to a mid-seasoned computer person, but in executing them the system does not work. It's almost like having a thermostat in your house but it's not connected to anything. What is more frustrating (and serious) is that the folks at Norton also could not figure it out. I don't get that at all, they are supposed to be the experts. I do have to say that they have treated me nicely and politely.

And you are correct, the documentation is really non-existent.

I understand your point about the IP routing and machine name part. But then why would the menu / window say "Enter computer by name (www.nortonlifelock.com) or by internet address (192.168.1.1). To enter multiple computers, use a space between each entry."? This would imply that putting a machine name, aka computer name, into the field will work. I did ask about this but have not gotten an answer yet.

Thank you for the FYI on the IP reservation on the router end. Good suggestion which I will work on.

Thanks again for the back and forth.

Good feedback indeed. A machine name won't be resolved by the firewall, as it won't know where to send the data. Norton's firewall shouldn't be such a PITA to tailor to specific requirements by having to change far too many unconventional settings just for something to work. Worse yet, there is no documentation for it. Disabling the Norton firewall won't turn on the Windows firewall in the sense that it should take over where Norton was taking charge.

FWIW!! I always use static IPs in my router's settings to ensure that the IP addresses never change on devices with specific settings. E.g., my NAS storage is set to static, as I do not want to deal with constant issues with outside access and hacks. All other devices are dynamic.

SA

Well, I got a hold of a higher-level Norton team (nice folks) and have been bouncing messages back and forth with them over the last week+ or so pertaining to this issue. Lots of tests, suggestions and procedures. Results were basically the same: the system would NOT block All and ALLOW only the IP address or Machine Name specified.

All this got my brain cooking, so I decided to try a few not-so-logical or obvious steps. One of the series of steps was:

In this sequence in the rules column / stack.

1. Rule for allowing RDP to only 1 IP address (ALLOW: xxx.xxx.x.xx)
2. RDP block rule to block all devices
3. Default Allow Remote Desktop (Private Networks) (ENABLED) --> I think this is normally ON
X. Default Allow Remote Desktop (Public Networks) (DISABLED)

This sequence WORKED to BLOCK ALL machines (in the network) and ALLOWED only 1 (identified with an IP address).

It seems like disabling the "Default Allow Remote Desktop (Public Networks)" made all the difference in ALLOWING only 1 machine access via IP address identification.

The only outstanding issue now is that if the IP address is changed to a Machine Name (MachineName, MachineName.home.network) Norton will NOT let the client machine RDP into the host machine. Only using an IP address works.

Hello SA,

So we are modifying the BLOCK ALL standard rule to an ALLOW only 1 IP / Machine which means we are in general adding an ALLOW only rule to the stack.

Same results. All machines in the network can access the host machine (Norton 360) via RDP.

Thanks

When you do "Modify", within "Actions" select "Allow". In "Connections" select "Only the computers and sites listed below", then click Add. In Networking, as shown, you should select Individually. Then enter the single IP address you want to CONNECT. Click OK and save the rule. And of course remove the rules you created or modified, or they will conflict. Reboot.

SA

Hello,

I went to your "Default Block Remote Desktop" rule and clicked on "Modify". It gave me the exact same options as before. There is no option to BLOCK ALL except; the only options are: BLOCK, A: Any computer, B: Any computer on the local subnet, C: Only the computers and sites listed below.

Thank you.

Let's hear from the other gurus and the community. One last thought: modify the rule below, as it WILL allow individual entries. Modify it for that accordingly.

SA

Hello,

If you look at the adding or modifying rule screens there is NO way to Block ALL and add an exception. That option does NOT exist (see images below). When you choose BLOCK from the first screen, the next screen gives you options to/from or both, then the next screen gives you options to BLOCK, A: Any computer, B: Any computer on the local subnet, C: Only the computers and sites listed below. There is NO option where you can choose Any computer EXCEPT. The option does NOT exist. I believe that is why most folks trying to accomplish this make 2 rules, one to BLOCK all and one to only ALLOW a computer or IP. And that way of doing it does not work.

Any other suggestions?

Thank you for all the input thus far.

Remove the initial rule you created. Then, in the "blocked" rule that you set, block ALL connections EXCEPT that specific IP address and specify port 3389. Move that rule to the top of the list. Restart all machines on the network and recheck. The other defaults should be bypassed.

SA

Hello,

In the rule I specified 1 IP address and the machine name. I did just the IP first, then the machine name then both but none of those worked.

Thanks

Are you specifying a network address in the rule vice a list? As a test that appeared on my side. 

SA

Hello,

Looking at your input ... FYI "Default Allow Remote Desktop (Private Networks)" is always ON, so in theory any client computer on the network can Remote Desktop to the host computer (with Norton 360 installed). That default rule cannot be modified, as you can see: the checkbox is checked but the icon is grayed out. Just having that ON (by default out of the box) and being on the same network, a client computer is NOT able to Remote Desktop to the host computer.

The only way I was able to Remote Desktop into the host computer was to enable "Default Allow Remote Desktop (Public Networks)". With this enabled any client computer in theory can access the host by Remote Desktop. This rule is also NOT modifiable as the checkbox is checked but the icon is grayed out. So this rule cannot be modified to "Allow" only a specific IP address or Machine name.

So the only other option is to create a new rule (as I outlined in the images) to only Allow a specific IP address or specific machine name. I did this and moved the rule to the top of the stack. This, as outlined, also did not work. The host continues to "Allow" all client computers access.

The next step was to turn off "Default Allow Remote Desktop (Public Networks)". This also did not work, as the host continues to "Allow" all client computers access.

The next step was to create a rule to Block all clients and combine that with the previous Allow only 1 specific IP or specific client machine name. This rule was moved to the top as the second rule, below the "Allow only 1 specific IP or specific client machine name" rule. This also did not work, as the host continues to "Allow" all client computers access.

Whatever I do, it's all or nothing. Norton 360 will allow Remote Desktop to all client computers or none. I cannot seem to configure it to only allow specific IPs or client machines.

Any other suggestions?

Thanks

Which of the two rules below are you modifying? Use private networks in the rule that you created. Under modify rules, Computers tab, use "Only the computers and sites listed below", and save the rule. There is no need to block anything, as the rule will only allow the IP you're specifying.


Also look for these settings being ticked as well in your Norton settings. Remote desktop is blocked there by default.

SA

Hello,

See attached.

Thanks

Could you please add your screenshots directly into the comments area of your next post so we can review? Here is how:

https://community.norton.com/en/forums/how-post-image-forums-0

SA

Hello,

I did not touch anything in Windows 10 because Norton 360 handles both antivirus and firewall. I looked at the settings you referred to in the link you provided and attached current settings on my system in the images attached.

In addition to the above I have also added another rule in Norton 360 to block all RDP connections (see PDF attached). Still the host continues to allow all RDP connections and simply cannot just allow the 1 computer or IP defined. Seems like it's either RDP on or off for all.

Please advise as this is getting very frustrating. Thank you for your support in advance.

Do you have remote desktop set in Windows settings, just a rule in the Norton firewall, or both?

https://learn.microsoft.com/en-us/answers/questions/235264/how-to-restrict-rdp-connection-to-specific-source
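The Windows-side counterpart of the "allow only one IP" rule being attempted, as an added example that is not from this thread or from Norton: it scopes Windows Defender Firewall's built-in Remote Desktop rules to one client address with the NetSecurity cmdlets. It assumes an elevated PowerShell session on an English Windows 10 install (rule group named 'Remote Desktop'); the address 192.168.1.50 is a constructed placeholder.

```powershell
# Added example (not from the thread or from Norton): restrict the built-in
# Windows Defender Firewall "Remote Desktop" rules to a single client address.
# Assumes an elevated PowerShell session on Windows 10 with the English rule
# group name. Usage: Restrict-RdpToClient -AllowedClient '192.168.1.50'
function Restrict-RdpToClient {
    param(
        # A single IP, a subnet (192.168.1.0/24) or a range
        # (192.168.1.10-192.168.1.20); -RemoteAddress accepts all three.
        # The default value is a constructed placeholder.
        [string[]]$AllowedClient = @('192.168.1.50')
    )

    # The inbound rules for TCP/UDP 3389 live in the "Remote Desktop" group.
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound

    # Scope the rules so only packets from the listed address(es) match them.
    # No separate "block all" rule is needed: the profile's default inbound
    # action (normally Block) drops anything no allow rule matches.
    $rdpRules | Set-NetFirewallRule -RemoteAddress $AllowedClient -Enabled True

    # Verify that each rule's address filter now lists only the allowed client.
    foreach ($rule in $rdpRules) {
        $filter = $rule | Get-NetFirewallAddressFilter
        '{0}: RemoteAddress = {1}' -f $rule.DisplayName, ($filter.RemoteAddress -join ', ')
    }

    # The scoping only protects the host if the firewall is enabled and the
    # default inbound action is Block on every active profile; show both.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

    # Log dropped packets so a connection attempt from an unlisted address can
    # be confirmed in %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
    Set-NetFirewallProfile -All -LogBlocked True
}
```

The Enabled column in the profile output tells you whether the Windows firewall is actually enforcing; on a host where Norton's firewall is in charge it may be off, in which case this scoping has no effect until it is.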

SA

Again, I am trying to access a Windows 10 host machine that has Norton 360 installed and running on it via Remote Desktop (RDP). I have added a rule in Norton 360 to restrict RDP access to only 1 machine (by machine name and IP address) as shown below in the screenshots in the attached PDF file.

However, there seem to be no restrictions on which client machine can access the host. I am able to access the host machine from any machine on the local network.

Norton Chat support suggested moving the rule all the way to the top of all the rules but that still did not work. Norton Chat support and phone support had no further ideas as to why this is not working.

It seems straightforward but it does NOT work. Is there a step missing?

FYI, looks like someone else is having the same problem ...

https://superuser.com/questions/1762131/allow-rdp-for-1-static-ip-in-norton-360-block-all-other-ips