TS Gateway

  • Question

  • Hello,
    Well, I am sure that the answer is supposed to be really simple, but I spent 3 hours on it without finding a solution.

    In my case I have:

        - terminal server = ts01
        - terminal server gateway server = tsgw01
        - computer with RDC 6.1 = pc01

    pc01 is located for example at home
    ts01 and tsgw01 in datacenter

    Gateway is working fine, everything is nice and shiny but...

    When I am connecting to ts01 I am putting in a terminal server gateway, tsgw01. That helps me to get in with an encrypted connection using the tsgw01 policies. But if I connect to ts01 without checking the default gateway checkbox, I get my RDC session as well.

    So how can I restrict ts01 to accept connections from pc01 only if the gateway checkbox is on? pc01 cannot be in my domain.

    I did not find any redirection in the gateway manager, so as far as I understood pc01 should connect to ts01...

    P.S. Maybe you know other ways to get SSL working for terminal services? Except expensive hardware firewall solutions :)

    Thank you very much in advance
    Wednesday, March 25, 2009 3:36 PM

Answers

  • The whole idea of TSGateway is to protect your internal network.  There is absolutely no reason you need to have 3389 open to any of your internal servers.  TSGateway will take care of that for you.
    Wednesday, March 25, 2009 11:05 PM

All replies

  • So you're saying your datacenter is unprotected?  No firewall no nothing to block incoming requests?
    Wednesday, March 25, 2009 4:53 PM
  • Wait a second.

    Datacenter is protected, but port 3389 is opened for ts01.

    So the idea is to block it? Then the user will log on to the terminal server, but without a possibility to reach it, it will be routed through tsgw01 to ts01 without any additional settings?

    Wednesday, March 25, 2009 9:12 PM
  • The whole idea of TSGateway is to protect your internal network.  There is absolutely no reason you need to have 3389 open to any of your internal servers.  TSGateway will take care of that for you.
    Wednesday, March 25, 2009 11:05 PM
  • Thank you Jeff. I tested it and it really works. It was really hard for me to believe that it will do with just the settings we have inside of the TS Gateway manager. It was too easy, that's why I was suspicious.
    Thursday, March 26, 2009 8:38 AM
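
Added example (not part of the thread, and not Microsoft's code): a check to run from outside the datacenter, for instance from pc01, that confirms the state the answer describes, where ts01 no longer answers on 3389 and only the gateway is reachable. It assumes the names ts01 and tsgw01 resolve from where it runs and that TS Gateway listens on its default HTTPS port 443.

```python
import socket


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out), unreachable, or name did not resolve.
        return False


# Expected view from OUTSIDE the datacenter. Host names are the ones used in
# the thread; replace them with the public names or addresses (assumption).
EXPECTED = [
    # (label, host, port, should_be_reachable)
    ("direct RDP to terminal server", "ts01", 3389, False),
    ("TS Gateway HTTPS listener", "tsgw01", 443, True),
]


def audit_exposure(expected, probe=tcp_reachable):
    """Probe each endpoint and return one finding per deviation from policy."""
    findings = []
    for label, host, port, should_be_reachable in expected:
        reachable = probe(host, port)
        if reachable and not should_be_reachable:
            findings.append(
                f"EXPOSED: {label} ({host}:{port}) accepts connections "
                "that bypass the gateway policies"
            )
        elif should_be_reachable and not reachable:
            findings.append(f"DOWN: {label} ({host}:{port}) is not reachable")
    return findings


if __name__ == "__main__":
    problems = audit_exposure(EXPECTED)
    for line in problems:
        print(line)
    if not problems:
        print("OK: ts01 is reachable only through tsgw01")
```

An EXPOSED finding for ts01:3389 is the situation from the question: the session works with or without the gateway checkbox because the firewall still forwards 3389.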