How To – Allow Remote Desktop Connection of

How To –Internal
Allow Remote Network Resources
Desktop Connection over
of Internal Network Internet
Resources over Internet

Applicable Version: 10.00 onwards

Overview
Remote Access technologies such as Remote Desktop Protocol (RDP) allow users to access their
systems which are in the corporate LAN network over the Internet. Cyberoam facilitates Remote
Desktop Connection of Internal Network Resources from WAN. Cyberoam provides configuration of
Remote Desktop Connection by creating Virtual Host(s).

Virtual Host is a NATing mechanism to map services of a public IP address to the services of a host in
a private network. In other words, it is a mapping of public IP address to internal IP address. This
virtual host is used as the Destination address to access the internal host.

Scenario
Configure Cyberoam to allow RDP connection of an internal host 172.16.16.10 from the Internet.

User over WAN

Cyberoam WAN IP
202.134.168.208

Host IP
172.16.16.10

LAN 172.16.16.0/24
 How To – Allow Remote Desktop Connection of Internal Network Resources over Internet

Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).

Step 1: Add IP Host

Go to Objects > Hosts > IP Host and click Add to add an IPv6 host. Specify the parameters as
shown in the table below:

Parameters Value Description

Name Remote_IP_Host Specify a name to identify the host address.
Select the type of IP host.
Available options:
1. IP
Type IP
2. Network
3. IP Range
4. IP List
IP Address 172.16.16.10 Specify the IP address of the host
IP Host Group IP Host Group Select the desired IP Host Group

Step 2: Create Virtual Host

Go to Firewall > Virtual Host > Virtual Host and click Add to create a virtual host and specify the
parameters as shown in the table.
 How To – Allow Remote Desktop Connection of Internal Network Resources over Internet

Parameters Value Description

Name RDP_Host Specify a name to identify the host

Select the WAN interface port along with the
External IP PortB – 202.134.168.208
WAN IP address
Mapped IP Remote_IP_Host Select the IP host created in step 1
Physical Zone LAN Specify the zone in which the host resides
Port Forwarding

Enable Port Forwarding Enabled Check to enable port forwarding

Select the protocol type.
Available options:
Protocol TCP
- TCP
- UDP
Click to specify the type of port mapping
Available options:
Port Type Port - Port
- Port Range
- Port List
Specify public port number for which you
External Port 3389
want to configure port forwarding
Specify mapped port number on the
Mapped Port 3389 destination network to which the public port
number is mapped

Click OK to create the Virtual Host.

 How To – Allow Remote Desktop Connection of Internal Network Resources over Internet

Step 3: Create Firewall rule

On clicking OK, the Add Firewall Rules For Virtual Host screen appears which allows you to create
rules to allow access to RDP_Host from other zones such as WAN zone.

Enable Add Firewall Rule(s) For Virtual Host and set rule parameters as desired. Here, we have
created a rule which allows access to RDP_Host from WAN zone.

Click Add Rule(s) to create the rule.

The above steps allow remote access to local host 172.16.16.10 from WAN through RDP.

Document Version: 1.0 – 29 March, 2014