NAT RULE TO SETUP RDP FROM WAN TO INTERNAL SERVER VERSION 18

I am trying a trial version of XG running version 18. I am struggling to setup RDP to one of the internal servers from a trusted WAN client. In the hosts& services i have setup the WAN client as well. A KB on how to setup rdp port forwarding on version 18 would be helpful. Thanks

  • Hi itguy381,

    Thank you for reaching you to the community!

    Please follow this KBA for more info: Sophos XG Firewall: How to DNAT / Port Forward to an internal server.

    Thanks,

     

  • In reply to H_Patel:

    Thank you for sending me the link. I tried using the PAT scenario as detailed in the video. This required

    1. Creating a firewall rule

    2. Creating a NAT rule  and then specified the port it should translate to.

    However i am unable to RDP looking from the log viewer.

     

     

     

     

  • In reply to itguy318:

    Hi itguy318,

    Is there a specific reason for using HTTPS service as the original service? 

    I would advise you to change the source port to some port that is not used within any other DNAT rule or local services like the user portal.

    Thanks,

  • In reply to H_Patel:

    Hi Patel,

    Thanks for the reply. In my case i am trying RDP to an on-prem server using PAT rules and you have advised me to rethink about HTTPS service. What i would like to do as well is use the WAF funtionality. So any request going to the public IP of the XG would get applied a DNAT rule and go to the internal webserver. Would i have to use a HTTP incoming request on the XG, and then get it translated to HTTPS to the web server. I am struggling with the WAF/DNAT functionality in V18. Sorry for this.

  • In reply to itguy318:

    As you use RDP, your Service should be RDP in NAT and leave original.

    This will NAT the Traffic and it should work. 

     

    Still my concerns, you should not open RDP for public, no matter which IP you are using. 
    VPN should be used. 

  • In reply to LuCar Toni:

    Thank you Lucar. This is a test environment . We use VPN and then initiate RDP connections to internal LAN clients. My tests were based on replacing my WAF rules and i experimented with RDP as well. I will try your suggestion and get back