On this tile, you can allow access for users connecting from all countries by letting this feature disabled, or decide to restrict the access to only specific countries.
Click on the Homeland Access Protection button to enable it:
Then, you can begin to add allowed countries, by clicking on the “Add country” button:
Select the country you wish to add on the list. (on this example, access is allowed for users connecting from United States and France.)
– You also have the choice to check the box below to unblock all IP addresses from the selected country.
When you selected the countries you wish to allow, click on the apply button:
When an IP address gets blocked, it appears on the Ip Addresses list, and you have the possibility to unblock it.
– By default, the HTML5 service is the watched process. If you wish to disable its monitoring or check connections on other processes, go to the Settings – Advanced tab.
Warning: please triple-check that you have at least included the country where you are currently connected from. Otherwise, your IP address will be blocked quite quickly after applying the settings, more precisely as soon as a new user session will be opened on the server, thus disconnecting you without any hope of connecting back again from the same IP. If you get blocked, we recommend that you try connecting from any country you allowed on RDS-Knight, for instance by connecting from another remote server. You can also use your console session to fix the settings, as this connection is not using Remote Desktop Services or any non-local network and will not be blocked by RDS-Knight.
Notes: If you ever notice that Homeland Access Protection does not block connections coming from a country which is actually not in the authorized countries’ list, it is certainly because:
In order to block an IP address, this feature add a blocking rule on the Windows firewall. So, firstly, the firewall must be active. You also have to check if some firewall parameters are not handled by an other program, like an antivirus. In this case, you will have to deactivate this program and restart the service “Windows Firewall”.
You can also contact your third-party program editor and ask them to find a way for their program to respect the rules when added to the Windows firewall. If you know any software editor’s technical contact, we are ready to develop these “connectors” for the firewall. Contact us.
VPN: In case the remote client uses a VPN, Homeland Access Protection will get an IP address chosen by the VPN provider. As you know, VPN providers use relays all around the globe to allow its users to browse anonymously. Some VPN providers allow users to define the relay’s country.
Thus, users with VPN providers may be relayed through an unauthorized country. For example, if a VPN provider choses an IP from Sri Lanka, this country must be authorized by Homeland Access Protection. Also, if the VPN uses an internal corporate IP address, then the protection becomes irrelevant.
Firewall / Proxy: The purpose of an hardware firewall is to filter incoming and outgoing connections for large companies. As it is only a filter, it should not modify the originating IP address and therefore should not impact Homeland Access Protection. However, a proxy would definitively change the originating IP address to use a private network address, which will always be allowed by Homeland Access Protection. The primary purpose of this feature is to block access to a server opened to the Internet. If all connections comes from the corporate network, then the protection becomes irrelevant.
This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com. If you find that some IP address is not registered in its real country, please contact MaxMind directly.