INSTRUCTIONS

DMZGuard is a web based application installed directly on your PC. Everything is bundled with the application so there is no need to download, install, or configure anything else. Windows Pro version is limited to a single Remote Desktop or VPN user at a time, therefore this personal version of DMZGuard is also limited to whitelisting one IP address at a time. If you have Windows Server with multiple Remote Desktop or VPN users, this version will limit those multiple logins to a single IP, meaning more than one user can login remotely but only from the same IP address. Windows Home does not have Remote Desktop services, however you can use DMZGuard to manage VNC Server ports or any other port, e.g. FTP, HTTP, or OpenVPN.

INSTALLATION

• Download the installer
• Right click the installer and click "Run as administrator"
• Accept license

• Choose any path to install to.

• Installation takes about a minute, click OK when done. There will be another window running configuration scripts which will close when done.
  
• DMZGuard login page will open in your default browser (https://127.0.0.1:9443/). If you get a security warning, ignore it and continue by clicking advanced. This is because the certificate used for secure connections is self generated. You will get ERR_CERT_AUTHORITY_INVALID, but the page is still secure and uses SSL to encrypt all traffic.

CONFIGURATION

• On the DMZGuard webpage login dialog, enter otpadmin as both username and password. You should change this after you login.

• For the "Enter key" page, enter a valid Remote Desktop User name. This is any local user in the Remote Desktop Users group (see pics below).

Remote Desktop Users group (under your PC's Computer Management console)

Remote Desktop Users Remote Desktop Users group members


After logging in, change the web server password and set other options from the Configuration Editor page at https://127.0.0.1:9443/conf.cfm or click on the top left "v.Myrtos" link. For security reasons, you cannot edit configuration from another PC via network or internet, you must do it while logged into the PC DMZGuard is installed on - you will get an error if you try.

Finally, do not forget to open port 9443 on your router so you can access DMZGuard from the internet. This will be in your router's advanced setting under something similar to Port Forwarding, NAT, Web Applications, etc. Refer to your router's help documentation.

One-Time-Password (OTP)

If you want to use the OTP feature, you must enter your SMTP mail server login details under the Application Security page. (You can find this information from your Internet Service Provider.) OTP will e-mail a verification code to the address you set on this page. You can also turn off OTP.

Note: If you enable "Trusted Device" setting and register a device, it will bypass OTP even if OTP is enabled. And, OTP is disabled for local logins even if enabled on config page.

Page Key

This is the application password, which is the name of Remote Desktop user. You cannot set this password because it's retrieved from Windows Remote Desktop Users Group. You cannot disable this if "Trusted Device" is enabled.

Trusted Device

This will set a unique cookie on the device you register, which is retrieved in subsequent logins to verify your identity. This must have "Page Key" enabled to work.

Page Key

This is the application password, which is derived from a Remote Desktop username. You cannot set this password because it's retrieved from Windows Remote Desktop Users Group. You cannot disable this if "Trusted Device" is enabled.

Network (Firewall)

This is where you can manually set the remote IP and Port to whitelist. Your local network IPs and Ports are not affected. The default port on this page is Remote Desktop (3389) but you can set it to any port you wish. You can have only one port and one IP.

Nodifi option e-mails your external IP address to the OTP address, if it changes, similar to dynamic dns. (max once a day in freeware version) You must have "E-mail to send OTP to" configured in the Application Security menu, and tested for it work.

USAGE

• Whitelisting Remote IP
To add your remote IP address to the whitelist, you simply login to your instance of DMZGuard and your remote IP address is automatically whitelisted. After that you can login to Remote Desktop, etc. That's it!

Depending on the authentication methods you selected in DMZGuard configuration, the login could be one step or multi-step authentication. You can also use your mobile device as a "Trusted Device' to simplify future logins.

Note: The address of your DMZGuard instance is your external IP plus port 9443. For example, https://10.10.10.10:9443 . If you already have dynamic service, you would use that address, e.g. https://MyDynDnsDomain.com:9443 . You must also have port forwarding enabled on your router i.e. forward port 9443 to port 9443 on the DMZGuard PC's IP address.