Update Networking/Sophos/VPN/SSL VPN/Configuring Remote VPN RDP Access.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s

This commit is contained in:
2025-10-17 17:58:49 -06:00
parent b68d5fdc4a
commit 85e1ed8bcc

View File

@@ -0,0 +1,37 @@
## Purpose
This document exists to outline the generalized process to configuring remote access in a Sophos XGS Firewall to allow a VPN user to RDP into a workstation. *Setting up Remote SSL VPN Access is not covered in this document.*
### Create MAC Host for Destination Device
The first step in the process is to create a MAC address host for the device being RDP'd into, that way if it's IP rotates, the firewall rule will continue to work correctly.
- Navigate to **Sophos XGS Firewall > [System] Hosts and Services**
- Click on the **Mac Host** tab > "**Add**"
- Name: `<Device-Hostname>`
- Description: `<Workstation Remote Access for (username)>`
- Type: `Mac Address`
- MAC Address: `<mac address of device>`
Click **Save**
### Configure Firewall Rule
- Navigate to **[Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)**
- Rule Name: `Remote Workstation Access for (username)`
- Source Zone: `VPN`
- Source Networks and Devices: `Any`
- Destination Zone: `LAN`
- Destination Networks: `<MAC Host We Previously Made>`
- Services > Add New Item > `RDP`
- If `RDP` does not exist, click "Add", `Services`
- Name: `RDP`
- Description: `Remote Desktop Protocol`
- Type: `TCP/UDP`
- Protocol: `TCP`
- Source Port: `1:65535`
- Destination Port: `3389`
Click **Save**
#### Configure Specific VPN User(s)
- Check **Match Known Users**
- Under "Users or Groups" click "Add New Item"
- Search for the username of the person using the VPN that needs to access the workstation (e.g. `nicole.rappe@bunny-lab.io`)
- Click the **Save** button and have the user try to connect to the VPN, then RDP into their workstation.