Sophos XG v18: How to configure Clientless VPN so that outside users can connect to a Windows Server over RDP

Overview

This article shows how to configure the Clientless VPN feature on the Sophos XG firewall. With it, users outside the network only need a web browser to VPN into the enterprise internal network and access its servers, without installing a VPN agent.

The article uses HTML5 access to reach the server over the RDP service.

Diagram

Network details

The WAN interface of the Sophos XG device has IP address 172.16.31.52; clientless users connect remotely to this IP.

The AD server has local IP 172.17.17.100/24; the clientless user will access it remotely over RDP.

Configuration situation

The article creates a Clientless user so that this user can access the AD server remotely over RDP through HTML5.

Configuration steps

  • Create an HTML5 bookmark for RDP access to the AD server
  • Create a user
  • Create the Clientless VPN
  • Implement remote access using the Clientless user
  • Result

How to configure

Create HTML5 bookmark for RDP access to the AD server

  • Go to VPN -> Choose Bookmarks -> Click Add
  • Enter a name for the bookmark
  • In Type: Choose RDP
  • In URL: Enter the AD server's IP address
  • In Port: Keep the default port, or enter another port that you want to use to access the AD server
  • Click Save

Create user

  • Go to Authentication -> Choose User -> Click Add
  • Enter a name for the user
  • Enter a password
  • Click Save

Create Clientless Access VPN

  • Go to VPN -> Choose Clientless access -> Click Add
  • Enter a name
  • In Policy members: Choose the user created before
  • In Published bookmarks: Choose the bookmark created before
  • Click Save

Implement remote access using the Clientless user

Result

Access to AD server

Note: If the RDP connection fails with the error "Error: protocol security negotiation failure", disable NLA (Network Level Authentication) for Remote Desktop on the Windows Server.
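The NLA setting in the note is worth handling deliberately rather than by clicking through System Properties: with NLA off, any client that can reach the RDP port gets the Windows logon screen before authenticating, so the server should only be reachable through the firewall's HTML5 gateway and the change should be easy to revert. The following PowerShell is an added example, not part of the original article or of Sophos' own documentation; it reads and sets the same registry value (UserAuthentication under the RDP-Tcp WinStation key) that the System Properties checkbox writes, and it assumes it is run in an elevated session on the Windows Server itself (the AD server at 172.17.17.100 in this article).

```powershell
# Added example (not from the original article): audit the Remote Desktop
# security settings that the HTML5 RDP bookmark negotiates against, then
# toggle NLA only if the negotiation failure from the note actually occurs.
# Assumes an elevated PowerShell session on the Windows Server.

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpSecurityState {
    # UserAuthentication: 1 = NLA required, 0 = NLA off.
    # SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = TLS.
    $props = Get-ItemProperty -Path $rdpKey -Name UserAuthentication, SecurityLayer
    $layerName = switch ($props.SecurityLayer) {
        0       { 'RDP Security Layer' }
        1       { 'Negotiate' }
        2       { 'TLS' }
        default { "Unknown ($($props.SecurityLayer))" }
    }
    [pscustomobject]@{
        NlaRequired   = [bool]($props.UserAuthentication)
        SecurityLayer = $layerName
    }
}

function Set-RdpNla {
    param([Parameter(Mandatory)][bool]$Enabled)
    # Same switch as "Allow connections only from computers running Remote
    # Desktop with Network Level Authentication" in System Properties.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value ([int]$Enabled)
}

'Before:'
Get-RdpSecurityState

# Only do this if the HTML5 bookmark reports "protocol security negotiation failure".
Set-RdpNla -Enabled $false

'After:'
Get-RdpSecurityState

# Put NLA back once the clientless setup no longer needs the exception:
#   Set-RdpNla -Enabled $true
```

Running Get-RdpSecurityState before and after the change gives a record of what was altered, and keeping Set-RdpNla as a function makes re-enabling NLA a one-liner rather than a second trip through the GUI.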
