Add Networking/Sophos/Configuring Remote VPN RDP Access.md

Networking/Sophos/Configuring Remote VPN RDP Access.md

@@ -0,0 +1,33 @@
+## Purpose
+This document exists to outline the generalized process to configuring remote access in a Sophos XGS Firewall to allow a VPN user to RDP into a workstation.  *Setting up Remote SSL VPN Access is not covered in this document.*
+
+### Create MAC Host for Destination Device
+The first step in the process is to create a MAC address host for the device being RDP'd into, that way if it's IP rotates, the firewall rule will continue to work correctly.
+
+- Navigate to **Sophos XGS Firewall > [System] Hosts and Services**
+- Click on the **Mac Host** tab > "**Add**"
+    - Name: `<Device-Hostname>`
+    - Description: `<Workstation Remote Access for (username)>`
+    - Type: `Mac Address`
+    - MAC Address: `<mac address of device>`
+    Click **Save**
+- Navigate to **[Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)**
+    - Rule Name: `Remote Workstation Access for (username)`
+    - Source Zone: `VPN`
+    - Source Networks and Devices: `Any`
+    - Destination Zone: `LAN`
+    - Destination Networks: `<MAC Host We Previously Made>`
+    - Services > Add New Item > `RDP`
+        - If `RDP` does not exist, click "Add", `Services`
+            - Name: `RDP`
+            - Description: `Remote Desktop Protocol`
+            - Type: `TCP/UDP`
+                - Protocol: `TCP`
+                - Source Port: `1:65535`
+                - Destination Port: `3389`
+                Click **Save**
+    - Check **Match Known Users**
+        - Under "Users or Groups" click "Add New Item"
+        - Search for the username of the person using the VPN that needs to access the workstation (e.g. `nicole.rappe@bunny-lab.io`)
+    - Click the **Save** button and have the user try to connect to the VPN, then RDP into their workstation.
+