Manage Device from WAN

Question

How does one connect to the XG box from the WAN side? Is there something similar to the " Management / Webadmin Settings " on the UTM? 
 I have looked at the help files (honest), but I can't find anything, or am not understanding what I am reading. 
 It would also be nice to figure out the process that replaced the UTM process of " Network Protection/NAT/NAT ". 
 For instance. 
 On the XG system, where would I go to route a incoming RDP connection to a specific computer. This is very simple on the UTM, but I have no idea where to go on the XG. 
 Policies? 
 So. 
 Station on the WAN side trying to connect to a computer on the LAN side. 
 XG WAN IP: 172.16.81.4 
 XG LAN IP: 192.168.1.254 
 Computer on the WAN: 172.16.95.48 
 Computer on the LAN I want to RDP into: 192.168.1.1 
 RDP Port: 3389 
 So what I want to do is open my RDP client and connect to: 172.16.81.4 
 I then want the XG to route any Port 3389 traffic from 172.16.95.48(WAN) to 192.168.1.1(LAN) 
 On the UTM, simple. Probably is for the XG as well. I just don't understand the terminology/steps to do so. 
 
 BTW - I know both the ranges I listed are private. This is not a production system. It is not even a home system. It is just something I am playing with at work and would rather play with from my desk than have to sit at a remote station. 
 
 Thanks for any help.

Emile Belcourt · Answer

You need to make sure that the the device access from the WAN side is allowed for the webadmin in System > Administration > Device Access. 
 
 If you're not creating a Site-to-site VPN, you can create a policy to allow the RDP connections from WAN to LAN and specify the target host in the policy to make a DNAT. I'll pull a screenshot, it's a little vague at the moment.

Emile Belcourt · Answer

You'll need to make 2 rules of Business Application Type, as Azron says and their configuration needs to be as follows: 
 
 Host: Any (Or you could add the external (in your case externally internal) IP as the sole allowed IP) 
 Exceptions: None 
 Source Zone: WAN 
 Hosted Address: External Port with IP assignation of the IP of the XG's WAN link (External IP) 
 Protected Zone: LAN 
 Protected Application Servers: Create a Definition with the internal IP of your computer 
 Forward all ports: Off 
 Protocol: TCP 
 External Port Type: Port Range 
 Port range: 1 - 65535 
 Mapped Port Type: Port 
 Mapped Port: 3389 
 Rewrite Source Address (Masquerading): On 
 Use Outbound Address: Create a new NAT Policy for the internal IP of your XG 
 Intrusion Prevention & Traffic Shaping: I didn't create any but feel free to play 
 Reflexive Rule: Off 
 
 You will need to duplicate the above but with the protocol set to UDP with the same Mapped Port of 3389 as RDP uses TCP/UDP 3389. 
 Here are some screenshots of my working RDP on my test platform on a spare external and I see no reason why it shouldn't work in your setup:

rfcat_vk · Answer

Hi, 
 depends on what you mean by access your XG? 
 Do you to remotely manage the XG or do you want to access your local LAN? 
 If it is the XG you wish to manage why not try the free version on the Central Management server? You also investigate the Sophos DDNS. 
 Ian