1.7 KiB
1.7 KiB
Purpose
This document exists to outline the generalized process to configuring remote access in a Sophos XGS Firewall to allow a VPN user to RDP into a workstation. Setting up Remote SSL VPN Access is not covered in this document.
Create MAC Host for Destination Device
The first step in the process is to create a MAC address host for the device being RDP'd into, that way if it's IP rotates, the firewall rule will continue to work correctly.
- Navigate to Sophos XGS Firewall > [System] Hosts and Services
- Click on the Mac Host tab > "Add"
- Name:
<Device-Hostname> - Description:
<Workstation Remote Access for (username)> - Type:
Mac Address - MAC Address:
<mac address of device>Click Save
- Name:
Configure Firewall Rule
- Navigate to [Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)
- Rule Name:
Remote Workstation Access for (username) - Source Zone:
VPN - Source Networks and Devices:
Any - Destination Zone:
LAN - Destination Networks:
<MAC Host We Previously Made> - Services > Add New Item >
RDP- If
RDPdoes not exist, click "Add",Services- Name:
RDP - Description:
Remote Desktop Protocol - Type:
TCP/UDP- Protocol:
TCP - Source Port:
1:65535 - Destination Port:
3389Click Save
- Protocol:
- Name:
- If
- Check Match Known Users
- Under "Users or Groups" click "Add New Item"
- Search for the username of the person using the VPN that needs to access the workstation (e.g.
nicole.rappe@bunny-lab.io)
- Click the Save button and have the user try to connect to the VPN, then RDP into their workstation.
- Rule Name: