SonicOS 8 NSv Getting Started Guide for AWS

Creating a Security Policy and NAT Policy for Inbound RDP to the VM

To add an address object for the Windows 10 VM

  1. Navigate to the OBJECT | Match Objects > Addresses page.
  2. Click + Add.

    The Address Object Settings dialog displays.

  3. In the Name field, enter a friendly name.

  4. From the Zone Assignment drop-down menu, select LAN as the zone for the server.

  5. Choose Host from the Type drop-down menu.

  6. In the IP Address field, enter the IP address.

  7. Click Save.

To add a Security Policy

  1. Navigate to POLICY | Rules and Policies > Security Policy.

    The Security Policy page is displayed.

  2. Choose WAN to LAN in Zone Matrix Selector.

  3. At the bottom of the Security Policy table, click Add.

    The Adding Rule page is displayed.

  4. Enter the policy Name and any identifying Tags you would like to enter to help sort your policies.

  5. Enter a Description of the policy and its intent.

  6. Select an Action, whether to Allow, Deny, or Discard access.

  7. Specify the IP version in Type, IPv4 or IPv6.

  8. Set your Security Policy's Priority.

  9. Specify when the rule is applied by selecting a schedule or Schedule Group from the Schedule drop-down menu.

  10. Click Enable to activate the policy schedule and enable logging.

  11. In the Security Rule Action drop-down menu, select the action profile.

  12. In the Source/Destination, select the following:

                      Source    Destination
    Zone/Interface    WAN       LAN
    Address           Any       X1 IP
    Port/Services     Any       Terminal Services

  13. Click Save.

To add a NAT Policy

  1. Navigate to POLICY | Rules and Policies > NAT Policy.

    The NAT Policy page is displayed.

  2. At the bottom of the Security Policy table, click Add.

    The Adding Rule page is displayed.

  3. Enter the policy Name and any identifying Tags you would like to enter to help sort your policies.

  4. Enter a Comment describing the policy and its intent.

  5. Set your Original/Translated settings.

    1. Under Original select the following:

      Source              Any
      Destination         X1 IP
      Service             Terminal Services
      Inbound Interface   X1
      Outbound Interface  Any

    2. Under Translated select the following:

      Source              Original
      Destination         The destination address object such as Win10-VM-A 172.x.y.z.
      Service             Original

  6. Click Save.

Open a Remote Desktop Connection to the VM using the same Elastic public IP that you use to log in to the NSv web interface. The VM can reach the Internet through the NSv firewall.