I have a Sophos XG behind which is a server which I'd like to access via RDP. I have DNAT setup to forward the port to the server, but I don't want to leave it turned on all the time. I could turn on remote HTTPS to the FW, and turn the DNAT rule on and off as needed. Any other reasonably secure strategies?
VPN to allow RDP is a good solution ... as stated by Emmanuel.If you DNAT RDP, you should allow access from some external IP's only.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.