>Hello,
>
>I have Watchguard firewalls in my office and home which are configured to recognize each other. Whith that in place, I access my office pc using remote desktop connection (mstsc.exe). When I travel, on the other hand, I end up using LogMeIn which passes the firewall (!) and is a clear vulnerability.
>
>We want to establish security for remote desktop access by mobile users using two factor security which cannot be bypassed and is enforced by the firewall. How can this be accomplished?

I'm not sure why you consider LogMeIn a "clear vulnerability". Your LogMeIn office host is sending only outgoing requests to LogMeIn's server farm, which are allowed on most networks. If you want to access it remotely, LogMeIn's servers mediate a connection from your remote computer to your office host.

Network/firewall vulnerabilities are usually counted as open incoming ports/protocols. If you're using LogMeIn or one of its competitors you don't need to open any incoming firewall ports at all. As long as you trust LogMeIn (and their entire business is based on trust), it's more secure than your Watchguard setup, which requires at least one open incoming port.