You need to make sure that the device access from the WAN side is allowed for the webadmin in System > Administration > Device Access. If you're not creating a Site-to-site VPN, you can create a policy to allow the RDP connections from WAN to LAN and specify the target host in the policy to make a DNAT. I'll pull a screenshot, it's a little vague at the moment.