Remote Access & Security: A Guide to Configuring AnyDesk with Sophos UTM

In the era of remote work, the balance between accessibility and security is the single biggest challenge for IT administrators. You need your team to access their workstations from anywhere, but you cannot afford to punch holes in your firewall that leave your network vulnerable to ransomware or unauthorized access.

This is where the combination of AnyDesk (a popular remote desktop tool) and Sophos UTM (Unified Threat Management) comes into play. In this post, we will explore how to configure Sophos UTM to safely allow AnyDesk traffic, ensuring that "work from home" doesn't become "hackers at home."

The Challenge: Default Ports vs. Network Security

By default, AnyDesk uses port 7070 (TCP) for direct connections. In a naive setup, an administrator might simply open port 7070 on the firewall and forward it to a target machine.

Do not do this. Opening specific ports for peer-to-peer remote desktop software is a security risk. It creates a static entry point that attackers can scan for, brute force, or exploit via software vulnerabilities. The goal with Sophos UTM is to leverage its advanced firewall features to control this traffic without exposing your internal network to the wild internet.

Method 1: The Direct Connection (Port Forwarding)

Best for: Small offices with static IP addresses.

If you have a specific machine that requires direct access via AnyDesk and you have a Static WAN IP, you can use Sophos UTM’s DNAT (Destination NAT) features.
1. Create a Definition: Go to Definitions & Users > Network Definitions. Create a definition for the internal machine (e.g., PC-Accounting).
2. DNAT Rule: Navigate to Network Protection > NAT > DNAT/SNAT.
3. Add New Rule:
   - Traffic Source: Any (or restrict to specific IP ranges for higher security).
   - Service: TCP 7070 (you may need to create this service definition under Definitions > Services if it doesn't exist).
   - Destination: The Firewall’s External IP (or an Address Group representing your WAN interfaces).
   - Translation: Destination address translates to PC-Accounting.
The Sophos Advantage: Unlike a consumer router, Sophos UTM allows you to restrict the Source. Instead of "Any," limit the rule to the specific IP addresses of your remote employees. If an employee isn't working from home, their IP shouldn't be allowed to touch port 7070.

Method 2: The Gold Standard (Site-to-Site VPN)

Best for: Connecting branch offices or secure remote workers.

AnyDesk works flawlessly over a VPN. Instead of opening ports on your firewall, you should connect the remote user to the network first using Sophos UTM’s SSL VPN or IPsec capabilities.
1. Configure SSL VPN: Set up the Sophos UTM SSL VPN client.
2. User Connection: The remote user connects to the UTM via the VPN client. They are now virtually inside the office network.
3. AnyDesk Usage: The user opens AnyDesk and connects to the target machine using its local IP address or AnyDesk ID.
Why this is better:
- No ports are exposed to the internet.
- Traffic is encrypted by the VPN tunnel (double encryption if you count AnyDesk’s native encryption).
- You get full logging and user tracking via the UTM.
Method 3: Managing AnyDesk via Web Proxy (Advanced)

Best for: Controlling usage within the office.

Often, the concern isn't people connecting in, but employees using AnyDesk out to bypass restrictions or move data insecurely. Sophos UTM Web Proxy can help control this.

While AnyDesk uses a proprietary protocol for video transmission, it utilizes standard web ports for the initial handshake and DNS lookups. You can block access to AnyDesk's relay servers if you want to prevent unauthorized remote sessions entirely.
1. Navigate to Web Filtering > URL Filtering.
2. Add anydesk.com to a block list category.
3. Ensure you have an Application Control rule (if using the XG/SG firewall engine) or a TCP/IP rule blocking port 7070 outbound for users who do not need it.
Security Best Practices for AnyDesk on Sophos UTM

Regardless of which connection method you choose, adherence to security protocols is mandatory:

1. Enable Two-Factor Authentication (2FA)

AnyDesk supports Two-Factor Authentication. Ensure this is enabled for all clients inside your network. Even if an attacker bypasses your Sophos UTM, they cannot connect to the machine without the 2FA code.

2. Use the Whitelist Feature

Within AnyDesk settings, configure the security to "Allow only specific IDs." Input the AnyDesk IDs of authorized administrators or employees. This ensures that even if someone knows the password, their ID is rejected.

3. Unattended Access Security

If you are setting up unattended access, use a strong, unique password. Do not use "password123." Sophos UTM can generate logs of failed connection attempts—monitor these logs to detect brute-force attempts on your AnyDesk port forwards.

4. Address Book Management

AnyDesk offers an address book feature that syncs with your contacts. Treat this list as sensitive data. If an employee leaves the company, remove their AnyDesk ID from your whitelist immediately and revoke their Sophos UTM VPN account.

Conclusion

AnyDesk is a powerful tool for productivity, but like all remote access software, it requires diligent management. By integrating AnyDesk with Sophos UTM, you move away from risky "open ports" and towards a Zero Trust architecture where access is verified, encrypted, and logged.

Whether you choose DNAT with strict source restrictions or the safer Site-to-Site VPN route, Sophos provides the visibility you need to keep your network safe while keeping your team connected.
Are you currently using AnyDesk through your Sophos firewall? Let us know your preferred configuration in the comments below!
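For the log monitoring recommended under "Unattended Access Security" and the source restriction from Method 1, the sketch below is an added example, not part of the original post or any Sophos tooling. It scans firewall log lines for traffic to TCP 7070, reports accepted connections from sources outside an allowlist, and flags bursts from a single source. The log lines are constructed and simplified, and `ALLOWED`, `WINDOW` and `THRESHOLD` are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

PORT = "7070"                                # AnyDesk direct-connection port named in the post
ALLOWED = [ip_network("198.51.100.20/32")]   # assumed remote-employee address (constructed)
WINDOW, THRESHOLD = timedelta(minutes=5), 5  # assumed tuning values

def _line(ts, action, src, dport):
    # Constructed, simplified line in the key="value" style of UTM packet-filter logs.
    return (f'2025:03:04-{ts} utm ulogd[4211]: sub="packetfilter" action="{action}" '
            f'srcip="{src}" dstip="192.0.2.10" proto="6" dstport="{dport}"')

SAMPLE_LOG = "\n".join(
    [_line("09:00:01", "accept", "198.51.100.20", 7070),
     _line("09:01:00", "drop", "203.0.113.9", 7070),
     _line("09:02:00", "accept", "203.0.113.77", 443)]
    + [_line(f"09:10:{s:02d}", "accept", "203.0.113.77", 7070) for s in range(0, 60, 10)])

def parse(line):
    """Return (timestamp, fields) for a packet-filter line, else None."""
    m = re.match(r"(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ", line)
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    if m and fields.get("sub") == "packetfilter":
        return datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), fields

def analyze(log_text):
    """Report over-broad accepts and connection bursts on the AnyDesk port forward."""
    hits, unexpected = defaultdict(list), set()
    for ts, f in filter(None, map(parse, log_text.splitlines())):
        if f.get("dstport") != PORT or f.get("proto") != "6" or "srcip" not in f:
            continue
        src = f["srcip"]
        hits[src].append(ts)
        # An accepted packet from outside the allowlist means the DNAT source is too broad.
        if f.get("action") == "accept" and not any(ip_address(src) in n for n in ALLOWED):
            unexpected.add(src)
    bursts = {}
    for src, times in hits.items():
        times, start = sorted(times), 0
        for end, t in enumerate(times):      # sliding window over sorted timestamps
            while t - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= THRESHOLD:
                bursts[src] = max(bursts.get(src, 0), end - start + 1)
    return {"unexpected_accepted": sorted(unexpected), "bursts": bursts}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
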
Technical Paper: Secure Remote Access Using AnyDesk Behind Sophos UTM

Document ID: ANYSOP-UTM-2025
Version: 1.0
Category: Network Security / Remote Access

Abstract

Remote desktop software like AnyDesk offers flexibility and productivity but introduces potential security risks if not properly managed. Sophos UTM provides perimeter security, application control, traffic inspection, and VPN capabilities. This paper explores the architectural integration of AnyDesk with Sophos UTM, configuration best practices, threat mitigation strategies, and policy recommendations for enterprise environments.

1. Introduction

Modern organizations require remote access for IT support, telecommuting, and vendor access. AnyDesk is a popular third-party remote access tool due to its speed and cross-platform support. However, allowing outbound AnyDesk connections or inbound remote sessions through a firewall necessitates careful security controls. Sophos UTM acts as a next-generation firewall (NGFW) that can inspect, allow, or block such traffic based on application signatures, user identity, and content.

2. How AnyDesk Communicates – Technical Primer

AnyDesk primarily uses two communication modes: