On this tile, you can allow access for users connecting from all countries, or decide to restrict the access to only specific countries.
Select the second button "Allow connections only from this list of countries", and select the country/countries of your choice on the drop-down menu, they will be added to the list of allowed countries. Then, click on the "Apply now" button.
– On this example, you allowed access for users connecting from Czech Republic, France and Ireland.
When an IP address gets blocked, it appears on the right list, and you have the possibility to unblock it.
– Since RDS-Knight 3.4 version, it is now possible to filter the blocked IP addresses by entering the desired IP address, the date or the country (supported country name in english) under the Blocked IPs list
– The field below the countries list enables to check the RDP connections but also connections to processes that were chosen by the administrator.
By default, the HTML5 service is prefilled.
Warning: please triple-check that you have at least included the country where you are currently connected from. Otherwise, your IP address will be blocked quite quickly after applying the settings, more precisely as soon as a new user session will be opened on the server, thus disconnecting you without any hope of connecting back again from the same IP.
If you get blocked, we recommend that you try connecting from any country you allowed on RDS-Knight, for instance by connecting from another remote server.
You can also use your console session to fix the settings, as this connection is not using Remote Desktop Services or any non-local network and will not be blocked by RDS-Knight.
Notes: If you ever notice that Homeland Access Protection does not block connections coming from a country which is actually not in the authorized countries' list, it is certainly because:
In order to block an IP address, this feature add a blocking rule on the Windows firewall. So, firstly, the firewall must be active.
You also have to check if some firewall parameters are not handled by an other program, like an antivirus. In this case, you will have to deactivate this program and restart the service "Windows Firewall".
You can also contact your third-party program editor and ask them to find a way for their program to respect the rules when added to the Windows firewall. If you know any software editor's technical contact, we are ready to develop these "connectors" for the firewall. Contact us.
VPN: In case the remote client uses a VPN, Homeland Access Protection will get an IP address chosen by the VPN provider.
As you know, VPN providers use relays all around the globe to allow its users to browse anonymously.
Some VPN providers allow users to define the relay’s country.
Thus, users with VPN providers may be relayed through an unauthorized country. For example, if a VPN provider choses an IP from Sri Lanka, this country must be authorized by Homeland Access Protection. Also, if the VPN uses an internal corporate IP address, then the protection becomes irrelevant.
Firewall / Proxy: The purpose of an hardware firewall is to filter incoming and outgoing connections for large companies. As it is only a filter, it should not modify the originating IP address and therefore should not impact Homeland Access Protection. However, a proxy would definitively change the originating IP address to use a private network address, which will always be allowed by Homeland Access Protection. The primary purpose of this feature is to block access to a server opened to the Internet. If all connections comes from the corporate network, then the protection becomes irrelevant.
This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com. If you find that some IP address is not registered in its real country, please contact MaxMind directly.