## Purpose

This document outlines the general process for configuring remote access on a Sophos XGS Firewall so that a specific VPN user can RDP into a specific workstation on the LAN. *Setting up Remote SSL VPN access itself is not covered in this document.*

### Create MAC Host for Destination Device

The first step is to create a MAC address host for the device being RDP'd into. Matching on the MAC rather than the IP means the firewall rule keeps working if the workstation's DHCP lease changes and its IP rotates. Note that the firewall can only match a destination MAC on a LAN segment it is directly attached to; a workstation behind another router is reached via that router's MAC, so for routed segments use an IP host with a DHCP reservation instead.

- Navigate to **Sophos XGS Firewall > [System] Hosts and Services**
- Click on the **MAC Host** tab > "**Add**"
  - Name: `<Device-Hostname>`
  - Description: `<Workstation Remote Access for (username)>`
  - Type: `MAC Address`
  - MAC Address: `<mac address of device>` (colon-separated, `xx:xx:xx:xx:xx:xx`; Windows `ipconfig /all` prints it with hyphens, so convert it)

Click **Save**

### Configure Firewall Rule

- Navigate to **[Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)**
- Rule Name: `Remote Workstation Access for (username)`
- Source Zone: `VPN`
- Source Networks and Devices: `Any` (the `VPN` source zone together with the user match in the next step is what scopes this rule; do not widen the Source Zone)
- Destination Zone: `LAN`
- Destination Networks: `<MAC Host We Previously Made>`
- Services > Add New Item > `RDP`
  - If `RDP` does not exist, click "Add" to create a new service:
    - Name: `RDP`
    - Description: `Remote Desktop Protocol`
    - Type: `TCP/UDP`
    - Protocol: `TCP` (TCP alone is sufficient; newer RDP clients also try UDP 3389 for performance but fall back to TCP when it is blocked)
    - Source Port: `1:65535`
    - Destination Port: `3389`
  - Click **Save** to create the service and return to the rule.

Leave the rule open; the user restriction in the next step is part of the same rule.

#### Configure Specific VPN User(s)

Without this step any authenticated VPN user would be able to reach the workstation over RDP. Matching on the user ties the rule to that person's VPN identity.

- Check **Match Known Users**
- Under "Users or Groups" click "Add New Item"
- Search for the username of the person using the VPN that needs to access the workstation (e.g. `nicole.rappe@bunny-lab.io`)
- Click the **Save** button, then have the user connect to the VPN and RDP into their workstation. If the connection fails, confirm that Remote Desktop is enabled on the workstation and that its Windows firewall allows TCP 3389 from the VPN subnet, then check the Sophos log viewer for drops against this rule.

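The firewall rule above only works if the workstation side is also ready. The following PowerShell script is an added example, not part of the original document or Sophos's own tooling: the first two functions run on the target workstation (as an administrator) and return the hostname and colon-formatted MAC for the MAC Host plus a check that RDP is enabled, listening, and allowed through the Windows firewall; the third runs on the VPN user's client after connecting and performs the TCP connect that the Sophos rule must permit. The workstation name `WS-EXAMPLE` in the usage lines is a placeholder.

```powershell
# Added example (not from the original page): Windows-side checks for the
# Sophos "RDP over VPN" procedure. Run Get-MacHostValues and Test-RdpListener
# on the target workstation as an administrator; run Test-RdpFromVpn on the
# VPN user's client once the VPN is up. Hostnames used below are placeholders.

function Get-MacHostValues {
    # Returns the values needed for the Sophos MAC host: hostname and the MAC of
    # the connected physical adapter, reformatted with colons (Windows prints
    # MACs with hyphens, e.g. 00-11-22-33-44-55).
    $adapter = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
    if (-not $adapter) { throw 'No connected physical adapter found.' }
    $ip = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
          Select-Object -First 1 -ExpandProperty IPAddress
    [pscustomobject]@{
        Name       = $env:COMPUTERNAME
        Adapter    = $adapter.Name
        MacAddress = ($adapter.MacAddress -replace '-', ':').ToLower()
        IPv4       = $ip
    }
}

function Test-RdpListener {
    # Confirms the workstation will accept what the firewall rule lets through:
    # Remote Desktop enabled, the service listening on TCP 3389, and an enabled
    # inbound Windows firewall rule in the built-in "Remote Desktop" group.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
    $listening  = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    $fwRules    = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteDesktopEnabled = $rdpEnabled
        ListeningOn3389      = $listening
        WindowsFirewallAllow = [bool]$fwRules
    }
}

function Test-RdpFromVpn {
    param(
        [Parameter(Mandatory)] [string] $Workstation,   # hostname or LAN IP of the target
        [int] $Port = 3389
    )
    # From the VPN client: a successful TCP connect to 3389 shows the Sophos rule
    # (including the "Match Known Users" restriction) is in effect for this user.
    # TcpTestSucceeded is $false when the firewall drops the packets.
    $r = Test-NetConnection -ComputerName $Workstation -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target      = $Workstation
        ResolvedTo  = $r.RemoteAddress
        TcpConnect  = $r.TcpTestSucceeded
        SourceVpnIP = $r.SourceAddress.IPAddress   # should be an address in the VPN zone's subnet
    }
}

# On the workstation (feeds the MAC Host and the rule name in the firewall):
# Get-MacHostValues
# Test-RdpListener
# On the VPN client after connecting (WS-EXAMPLE is a placeholder hostname):
# Test-RdpFromVpn -Workstation 'WS-EXAMPLE'
```

If `Test-RdpListener` reports everything true but `Test-RdpFromVpn` fails, the block is on the Sophos side (rule order, zone, or the user match), which is where the firewall's log viewer will show the drop.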