Tuesday, July 16, 2019

HP MSR firewall rule for port forwarding

Hello, I can't seem to properly forward the RDP port from an outside IP address to an inside server. I want to forward 84.15.177.248 9500 port to the inside server 192.168.17.101 3389 (RDP) port. I have configured NAT redirection to the internal server and an ACL rule for the firewall on inbound WAN traffic, but it doesn't seem to be working. Here's my config:

#
 version 5.20.106, Release 2516P13
#
 sysname HP-MSR-930
#
 firewall enable
#
 domain default enable system
#
 telnet server enable
#
 dar p2p signature-file flash:/p2p_default.mtd
#
 port-security enable
#
 password-recovery enable
#
acl number 3001
 description WAN_IN
 rule 10 permit tcp established source 84.15.177.248 0 source-port eq 9500 destination 192.168.17.101 0 destination-port eq 3389
 rule 100 deny ip
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool vlan1 extended
 network ip range 192.168.17.100 192.168.17.254
 network mask 255.255.255.0
 gateway-list 192.168.17.1
 dns-list 1.1.1.1 1.0.0.1
#
aspf-policy 1
 detect HTTPS
 detect HTTP
 detect TCP
 detect UDP
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user chr
 password cipher $c$3$UbcpKEOtp9xHY26uA5i2RX2PnP6cYkNSnpYsLw2y
 authorization-attribute level 3
 service-type telnet terminal
 service-type ftp
 service-type ppp
 service-type web
#
cwmp
 undo cwmp enable
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.17.1 255.255.255.0
 dhcp server apply ip-pool vlan1
#
interface GigabitEthernet0/0
 port link-mode route
 description WAN
 firewall packet-filter 3001 inbound
 firewall aspf 1 outbound
 nat outbound
 nat server 1 protocol tcp global current-interface 9500 inside 192.168.17.101 3389
 ip address dhcp-alloc
#
interface GigabitEthernet0/1
 port link-mode bridge
#
interface GigabitEthernet0/2
 port link-mode bridge
#
interface GigabitEthernet0/3
 port link-mode bridge
#
interface GigabitEthernet0/4
 port link-mode bridge
#
 dhcp enable
#
 nms primary monitor-interface GigabitEthernet0/0
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
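
A small evaluator for rule 10 of ACL 3001 as posted, run against the first packet of an inbound RDP connection; this is an added example, not part of the original post and not HP tooling. The client address 203.0.113.10, its source port and the helper names are constructed, and because the post does not say whether the packet filter sees the packet before or after the nat server translation, both forms are checked.

```python
import re

# Rule 10 from ACL 3001 in the post, copied verbatim.
RULE_10 = ("rule 10 permit tcp established source 84.15.177.248 0 source-port eq 9500 "
           "destination 192.168.17.101 0 destination-port eq 3389")

def parse_rule(line):
    """Parse the subset of Comware advanced-ACL syntax used in the post."""
    rule = {"established": " established" in line}
    for side in ("source", "destination"):
        m = re.search(rf"\b{side} (\S+) 0\b", line)   # wildcard 0 = exact host
        rule[side] = m.group(1) if m else None
        m = re.search(rf"\b{side}-port eq (\d+)", line)
        rule[side + "-port"] = int(m.group(1)) if m else None
    return rule

def mismatches(rule, pkt):
    """Return the reasons a TCP packet fails to match the rule (empty = match)."""
    why = []
    for field in ("source", "source-port", "destination", "destination-port"):
        if rule[field] is not None and rule[field] != pkt[field]:
            why.append(f"{field}: rule wants {rule[field]}, packet has {pkt[field]}")
    # 'established' matches only TCP segments with the ACK or RST flag set.
    if rule["established"] and not ({"ACK", "RST"} & pkt["flags"]):
        why.append("established: packet has neither ACK nor RST")
    return why

# Constructed first packet (SYN) of an RDP connection from an outside client;
# 203.0.113.10 and port 51000 are made-up sample values. It is shown as it
# looks before and after the 'nat server' translation on the WAN interface.
CLIENT = {"source": "203.0.113.10", "source-port": 51000, "flags": {"SYN"}}
PRE_NAT = {**CLIENT, "destination": "84.15.177.248", "destination-port": 9500}
POST_NAT = {**CLIENT, "destination": "192.168.17.101", "destination-port": 3389}

def check(pkt):
    """Evaluate the posted rule 10 against one packet."""
    return mismatches(parse_rule(RULE_10), pkt)

if __name__ == "__main__":
    for name, pkt in (("pre-NAT", PRE_NAT), ("post-NAT", POST_NAT)):
        print(name)
        for reason in check(pkt):
            print("  no match ->", reason)
```

A packet that rule 10 does not match falls through to rule 100 deny ip in the same ACL.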


