How to make secure access of RDP?

Hi,

I have a Sophos XG with v18 MR5. For some reason, for a few users I have to allow RDP to a few servers; users access that RDP from the WAN. My question is how I can secure this RDP. VPN is one of the solutions, but sometimes you have to allow RDP without VPN. In that case, how can I secure that RDP using the XG firewall?

Please advise.



  • Hi,  

    You could try to do Access Publishing with the Microsoft Server RemoteApp. 

    You could activate the functionality of Microsoft Virtual Applications, which is free, as you have Microsoft CAL licenses for remote users, and you can publish with the XG SFOS via the WAF web access.

    Check this URL: https://newhelptech.wordpress.com/2017/07/23/step-by-step-how-to-deploy-remote-desktop-services-in-windows-server-2016/ 

    What you would be exposing to the internet is a web server or mediator that would publish the RDP access or the applications that the user requires. This would function as a mediator to grant access to the remote server without publishing with DNAT rules.

    To safeguard access to the web URL, even with the WAF protection, you could activate OTP for this protected URL.

    I have not tried it but I am currently doing a lab to test. I have a client who currently has the RDP published with DNAT for some points of sale. They bought some SFOS to make site-to-site connections but others to stay out. So I have to try this scheme. 

  • Hello Irvin,

    Thanks for sharing.

    By doing the above, I am only able to access certain applications on the server. Can I have a complete remote desktop session of a server using RDS?

    Regards,

  • Hi,  

    Yes. You can publish the RDP app with the RDS Microsoft Service. This will help you to protect the web service with the WAF/IPS of SOPHOS FW. And even apply the OTP authentication. 

    But like I say, this may or may not work. I am trying it in my lab.

    You can do that as well if you want. So you don't publish your RDP directly to the outside.
