From 8a155729648bc2770fa428a77c32881d790f85bf Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Fri, 17 Oct 2025 17:56:27 -0600 Subject: [PATCH] Add Networking/Sophos/Configuring Remote VPN RDP Access.md --- .../Configuring Remote VPN RDP Access.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Networking/Sophos/Configuring Remote VPN RDP Access.md diff --git a/Networking/Sophos/Configuring Remote VPN RDP Access.md b/Networking/Sophos/Configuring Remote VPN RDP Access.md new file mode 100644 index 0000000..460aa03 --- /dev/null +++ b/Networking/Sophos/Configuring Remote VPN RDP Access.md 
@@ -0,0 +1,33 @@ +## Purpose +This document exists to outline the generalized process to configuring remote access in a Sophos XGS Firewall to allow a VPN user to RDP into a workstation. *Setting up Remote SSL VPN Access is not covered in this document.* + +### Create MAC Host for Destination Device +The first step in the process is to create a MAC address host for the device being RDP'd into, that way if it's IP rotates, the firewall rule will continue to work correctly. + +- Navigate to **Sophos XGS Firewall > [System] Hosts and Services** +- Click on the **Mac Host** tab > "**Add**" + - Name: `` + - Description: `` + - Type: `Mac Address` + - MAC Address: `` + Click **Save** +- Navigate to **[Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)** + - Rule Name: `Remote Workstation Access for (username)` + - Source Zone: `VPN` + - Source Networks and Devices: `Any` + - Destination Zone: `LAN` + - Destination Networks: `` + - Services > Add New Item > `RDP` + - If `RDP` does not exist, click "Add", `Services` + - Name: `RDP` + - Description: `Remote Desktop Protocol` + - Type: `TCP/UDP` + - Protocol: `TCP` + - Source Port: `1:65535` + - Destination Port: `3389` + Click **Save** + - Check **Match Known Users** + - Under "Users or Groups" click "Add New Item" + - Search for the username of the person using the VPN that needs to access the workstation (e.g. `nicole.rappe@bunny-lab.io`) + - Click the **Save** button and have the user try to connect to the VPN, then RDP into their workstation. +
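Review bot: the blank values in the MAC host and firewall rule steps (`Name:`, `Description:`, `MAC Address:`, `Destination Networks:`) give the reader nothing to fill in; suggest labelled placeholders such as `Name: <workstation hostname>` and `Destination Networks: <the MAC host created above>` so it is explicit that the rule's destination is the MAC host and not a network object. Two caveats worth a sentence in the doc: a MAC host can only match when the firewall itself sees the workstation's MAC (the workstation sits in the same broadcast domain as the XGS LAN interface), so the "if its IP rotates" argument does not hold for hosts behind another router; and with `Type: TCP/UDP` but `Protocol: TCP`, the `RDP` service permits only TCP/3389, which is enough for the session to connect but means the UDP/3389 transport newer RDP clients negotiate is dropped. Minor: "if it's IP rotates" should read "if its IP rotates", and the two loose `Click **Save**` lines should be list items so they render inside the procedure rather than as stray paragraphs.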