We typically do not recommend using RDP over VPN; you're essentially trying to tunnel within a tunnel and this can cause connection & performance issues.
If you must, the best advice we can provide for this situation is to bypass the VPN traffic and prioritize it through QoS.
To bypass traffic:
You'll need to create two rules in Config > Network > Bypass Rules.
- The first rule will have the condition Source Interface is OpenVPN and the action 'bypass'.
- The second rule will have the condition Destination Interface is OpenVPN and the action 'bypass'.
- Do not combine these rules into one rule; they must be two separate rules.
Once you have bypassed your VPN, we also recommend bypassing the specific port(s) used by your RDP software. If you're using the built-in Windows RDC, mstsc.exe, it's port 3389. Go to Config > Network > Bypass Rules and create a rule to bypass Destination Port is 3389.
To prioritize the tunnel:
Go to Config > Network > Advanced > QoS > QoS Rules.
Set the 'OpenVPN priority' drop-down to 'Very High'.
This configuration is as transparent as we can make this traffic, which means it passes through the NGFW essentially untouched.
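As an added illustration (not the NGFW's own rule engine and not part of the original article), the Python model below shows why the two OpenVPN bypass rules must stay separate: assuming, as the advice implies, that every condition inside one rule must match, a combined rule never fires for either direction of the tunnel, while the three separate rules bypass the tunnel and RDP traffic and still leave ordinary web traffic inspected. Interface names and sample packets are constructed.

```python
from dataclasses import dataclass

# Assumed, simplified model of bypass-rule evaluation: rules are checked in
# order, and ALL conditions inside a single rule must match for it to fire.
# Illustrative code only; it is not the NGFW's real rule engine.

@dataclass(frozen=True)
class Packet:
    src_iface: str   # interface the packet arrived on
    dst_iface: str   # interface the packet will leave through
    dst_port: int

@dataclass
class BypassRule:
    name: str
    conditions: dict  # field name -> required value; every entry must match

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, name) == value for name, value in self.conditions.items())

def first_match(rules, pkt):
    """Name of the first bypass rule that matches, or None (packet stays inspected)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name
    return None

# The three rules the article recommends, each as its own rule.
SEPARATE_RULES = [
    BypassRule("src-openvpn", {"src_iface": "OpenVPN"}),
    BypassRule("dst-openvpn", {"dst_iface": "OpenVPN"}),
    BypassRule("rdp-3389", {"dst_port": 3389}),
]
# The mistake the article warns against: both interface conditions in one rule.
COMBINED_RULE = [BypassRule("combined", {"src_iface": "OpenVPN", "dst_iface": "OpenVPN"})]

# Constructed sample traffic; "Internal" and "External" are assumed interface labels.
VPN_TO_LAN = Packet("OpenVPN", "Internal", 3389)   # remote user opening RDP through the tunnel
LAN_TO_VPN = Packet("Internal", "OpenVPN", 49152)  # return traffic heading back into the tunnel
LAN_WEB = Packet("Internal", "External", 443)      # ordinary browsing; must remain inspected

def bypass_report(rules):
    """Map each sample flow to the rule that bypasses it (None = still inspected)."""
    samples = (("vpn_to_lan", VPN_TO_LAN), ("lan_to_vpn", LAN_TO_VPN), ("lan_web", LAN_WEB))
    return {label: first_match(rules, pkt) for label, pkt in samples}

if __name__ == "__main__":
    print("separate rules:", bypass_report(SEPARATE_RULES))
    print("combined rule: ", bypass_report(COMBINED_RULE))
```

Note that with the separate rules the LAN web flow still returns None, confirming the bypass is narrow and does not exempt the rest of the network from inspection.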