Inbound VNC - WAN to LAN

Question

Good day! 
 
 I initially read from https://community.sophos.com/products/xg-firewall/f/network-and-routing/10855/wan-to-lan-inbound-nat---how-to but I guess it is not applicable to Sophos XG Firewall OS v16.05. 
 
 My question is, how do I configure a rule to allow vnc access to my LAN from outside or WAN? Is it with Business Application Rule or Network Rule? 
 Do I need to tick or check the "Rewrite source address"? 
 
 Thank you! 
 
 Benjie

Aditya Patel · Answer

HI Benjie , 
 I would believe that you would need to setup VNC server and port forward the necessary ports needed for you connect your VNC server Or simply you may use SSL VPN to connect a Virtual tunnel which is more secure and is recommended. 
 If you wish to use the port forward option , make sure a DNAT rule is created and forwarded to the VNC server and you may connect to other VNC clients for the same. Otherwise SSLVPN is used and do not need DNAT and can connect you to any system in LAN even by using RDP option as well.