Options
Portquery show filtered but no firewall block
shanparames
Member Posts: 103 ■■■□□□□□□□
Hi
There are multiple VLAN's trunked to an ESXi host. In one VLAN, all the Windows servers hosted in that ESXi cluster are getting connected through RDP.
We are building new VM's in another VLAN newly created by Network team.We deployed VM's and assigned ip addresses to them .But we are not able to take RDP from outside the VLAN.All the VM's inside the particular VLAN are able to ping the default gateway and the external ip addresses .Port 3389 is found open in all the Vm's in that VLAN (since all are deployed through one common image.) I can able to take the RDP from the VM's inside that VLAN to one and another in the same VLAN which confirmed that too.
I did the port query from the citrix jump server to the destination VM in that VLAN for the port 3389 . Got the result as filtered which is clear enough that port 3389 is blocked.
So I raised the firewall request for the standard ports to be opened as per our enterprise firewall rules to the particular subnet ( VLAN).The firewall person executed the request , in spite of that I am unable to connect via the RDP and still the port query showing the port 3389 as filtered.
During the troubleshooting done by the firewall person , he is saying there is no firewall between the source and the destination ( I provided the tracert output to him )and he is not able to see any traffic flowing between the endpoints in realtime when I executed the continuous ping between the endpoints.
He is advising to check the issue with the Datacenter networking persons.Anybody encountered like this issue , if then please advise how and where to start the investigation .....
There are multiple VLAN's trunked to an ESXi host. In one VLAN, all the Windows servers hosted in that ESXi cluster are getting connected through RDP.
We are building new VM's in another VLAN newly created by Network team.We deployed VM's and assigned ip addresses to them .But we are not able to take RDP from outside the VLAN.All the VM's inside the particular VLAN are able to ping the default gateway and the external ip addresses .Port 3389 is found open in all the Vm's in that VLAN (since all are deployed through one common image.) I can able to take the RDP from the VM's inside that VLAN to one and another in the same VLAN which confirmed that too.
I did the port query from the citrix jump server to the destination VM in that VLAN for the port 3389 . Got the result as filtered which is clear enough that port 3389 is blocked.
So I raised the firewall request for the standard ports to be opened as per our enterprise firewall rules to the particular subnet ( VLAN).The firewall person executed the request , in spite of that I am unable to connect via the RDP and still the port query showing the port 3389 as filtered.
During the troubleshooting done by the firewall person , he is saying there is no firewall between the source and the destination ( I provided the tracert output to him )and he is not able to see any traffic flowing between the endpoints in realtime when I executed the continuous ping between the endpoints.
He is advising to check the issue with the Datacenter networking persons.Anybody encountered like this issue , if then please advise how and where to start the investigation .....
Thanks