choy77

Should I use bypass TS Gateway server for local addresses?

Hi, Installed TS server 2008 64bit.

When a user logs on via RDP they specify a server name.

Should bypass TS Gateway server for local addresses be ticked or unticked?

Does this have any effect on connectivity, performance etc?

It's a quad core with 24GB RAM

Cheers

Chris
Microsoft Server OS, Windows Server 2008, Windows XP

Last Comment
choy77

8/22/2022 - Mon
Rory de Leur

Explanation from Microsoft:

A Terminal Services Gateway (TS Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. TS Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection.
Link: http://windows.microsoft.com/en-US/windows-vista/What-is-a-Terminal-Services-Gateway-server

Answer to your question: Don't use (bypass) a TS Gateway server internally (local addressing).
davidfencik

There is a small overhead for the enhanced encryption. With your server specs, you will not notice it. Depending on your network topology, the added encryption may increase your security.
choy77

ASKER
Sorry davidfencik. Do you mean it's OK to use as extra encryption? Cheers

davidfencik

Yes, it will work, but the connection from the gateway server to the terminal server will not be SSL encrypted. So, there may be little benefit at little cost.
Rory de Leur

The encryption is only active from the client to the TS Gateway; between the TS Gateway and the RDP host (server) there is no encryption. If you want to encrypt RDP in general, read the next article.
Article: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
Rory de Leur

Just missed the post of davidfencik ;-)
choy77

ASKER
Thanks. If I do untick this box the TS becomes unreachable, but then again I am waiting for the CA - Comodo to authorise the certificate.

Would this have an effect, saying it's unreachable, if the cert is not installed correctly?

Thanks
ASKER CERTIFIED SOLUTION
davidfencik

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
choy77

ASKER
Thanks, apart from 3389 are there any other ports that need to be open for TS to work within the firewall?

Thanks again
choy77

ASKER
And getting this error; all correct ports are open as far as I can tell.

Please see attachment:
error-TS.png
davidfencik

You need TCP 443 open for SSL to go through.
Cláudio Rodrigues

@criple: RDP is an encrypted protocol by design so it is always encrypted, with RDS Gateway or not.
For internal setups I do not bother using the RDP Gateway at all. If RDS Web/RemoteApps are in use, I do use them for both internal/external clients but when internally, I do leave the gateway alone.
Again, RDP is already encrypted (up to FIPS) so internally I see no need whatsoever to do RDP over HTTPS.

Cláudio Rodrigues
Citrix CTP
choy77

ASKER
Cert was not installed correctly.

Thanks!!