How to make secure access of RDP?

Question

hi , 
 i have sophos XG with V18 Mr5. due to some reason for few users i have to allow RDP for few servers, users from WAN access those RDP . my question is how can i secure this RDP. VPN is one of the solution.but sometimes you have to allow RDP without VPN, in that case how can i secure that RDP using XG firewall? 
 
 please advise.

Prism · Answer

Hello, 
 There's two ways, the first is to use either SSLVPN or IPsec Remote access. (Safest) 
 Or you can use Sophos Firewall Bookmark function for HTML5 RDP with Clientless Access VPN; You can check this KB for more information. 
 This article should cover the creation of a RDP Bookmark, and the Clientless Access VPN creation. 
 Thanks!

Irvin Rosario1 · Answer

Hi, Madni Malik 
 You could try to do Access Publishing with the Microsoft Server RemoteApp. 
 You could activate the functionality of Microsoft Virtual Applications which is free, as you have Microsoft CAL licenses for remote users you can publish with the XG SFOS via the WAF WEB access. 
 
 Check this URL: https://newhelptech.wordpress.com/2017/07/23/step-by-step-how-to-deploy-remote-desktop-services-in-windows-server-2016/ 
 What you would be exposing to the internet is a web server or mediator that would publish the RDP access or the applications that the user requires. This would function as a mediator to grant access to the remote server without publishing with DNAT rules. 
 To safeguard access to the web URL even having the WAF protection you could activate the OTP for this protected URL. 
 I have not tried it but I am currently doing a lab to test. I have a client who currently has the RDP published with DNAT for some points of sale. They bought some SFOS to make site-to-site connections but others to stay out. So I have to try this scheme.

How to make secure access of RDP?

Top Replies