asked on Should I use bypass TS Gateway server for local addresses?
Hi, Installed TS server 2008 64bit.
when a user logs on via RDP they specifiy a server name.
Should bypass ts gateway server for local addresses be ticked or unticked?
Does this have any effect on connectivity, perfomance etc?
Its a quad core wth 24GB ram
Cheers
Chris
when a user logs on via RDP they specifiy a server name.
Should bypass ts gateway server for local addresses be ticked or unticked?
Does this have any effect on connectivity, perfomance etc?
Its a quad core wth 24GB ram
Cheers
Chris
Microsoft Server OSWindows Server 2008Windows XP
Last Comment
choy77
There is a small overhead for the enhanced encryption. With your server specs, you will not notice it. Depending on your network topology, the added encryption may increase your security.
ASKER
Sorry davidfencik. Do you mean its ok to use as extra encryption? Cheers
Yes, it will work, but the connection from the gateway server to the terminal server will not be ssl encrypted. So, there may be little benefit at little cost.
The encryption is only active from the client to the TS gateway, between the TS Gateway and the RDP-host (server) is no encryption. If you want to encrypt RDP in general read the next article.
Article: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
Article: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
Just missed the post of davidfencik ;-)
ASKER
Thanks. If I do untilck this box the TS becomes unreachable but then again I am waiting for the CA - comodo to authorise the certificate.
would this have an effect saying its unreachable if the cert is not installed correctly?
Thanks
would this have an effect saying its unreachable if the cert is not installed correctly?
Thanks
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks, apart from 3389 are there any other ports that need to be open for TS to work within the firewall?
Thanks again
Thanks again
ASKER
And getting this error al correct ports are open as far as I can tell.
Please see attachment,
error-TS.png
Please see attachment,
error-TS.png
You need TCP 443 open for ssl to go through.
@criple: RDP is an encrypted protocol by design so it is always encrypted, with RDS Gateway or not.
For internal setups I do not bother using the RDP Gateway at all. If RDS Web/RemoteApps are in use, I do use them for both internal/external clients but when internally, I do leave the gateway alone.
Again, RDP is already encrypted (up to FIPS) so internally I see no need whatsoever to do RDP over HTTPS.
Cláudio Rodrigues
Citrix CTP
For internal setups I do not bother using the RDP Gateway at all. If RDS Web/RemoteApps are in use, I do use them for both internal/external clients but when internally, I do leave the gateway alone.
Again, RDP is already encrypted (up to FIPS) so internally I see no need whatsoever to do RDP over HTTPS.
Cláudio Rodrigues
Citrix CTP
ASKER
cert was not installed correctly,
thanks!!
thanks!!
A Terminal Services Gateway (TS Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. TS Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection.
Link: http://windows.microsoft.com/en-US/windows-vista/What-is-a-Terminal-Services-Gateway-server
Answer to your question: Don't use (bypass) a TS Gateway server Internal (local adressing)