Solved

Sophos UTM9 and Remote Desktop Gateway

Posted on 2013-01-23
3,473 Views
Last Modified: 2016-02-25
Hello Experts,

I use a private Sophos UTM 9 hardware/software firewall (Astaro).

For testing purposes I furthermore want to access a Remote Desktop Gateway server (Windows 2008 R2) via HTTPS-RDP (3389 over 443), respectively via Session Broker Remote Desktop hosts, through the Sophos firewall.

I "googled" many example threads about port forwarding web servers, file servers etc. through the Sophos firewall, but none about Remote Desktop Gateway.

I don't know if my strategy is correct:
---------------------------------------------------
First I need to reserve port 443, which is part of VPN client, user portal and HTTPS, for my "Remote Desktop Gateway service".
Second I must define a host (Remote Desktop Gateway), a network (my internal Windows domain network, which covers my RD, Session Broker etc.) and a service (3389 over 443).
Then I'll produce a NAT rule (DNAT?) and a firewall rule to bypass the firewall for that purpose.

Has anyone realized this scenario with Sophos and has some hint for me?

Thanks a lot.

reredok
Question by:reredok
2 Comments
Assisted Solution by: ArneLovius (ID: 38812676, earned 800 total points)
If you are using RD Gateway, it is just HTTPS traffic on port 443 that is being forwarded through the UTM box; the RDP traffic is tunneled inside the HTTPS traffic.

However, please see this
Accepted Solution by: btan (ID: 38813117, earned 1200 total points)
As ArneLovius shared, I also see that in order to have Remote Desktop exposed over port 443, you have two options that I can think of:

1) Use the firewall or NAT to expose port 3389 (or even to extend on your target PC) as port 443 to external (Internet) clients; most relatively modern cable/DSL routers have this capability. For RDS, it definitely needs to use the RDS gateway, as you also stated. For the FW settings for such a deployment from MS, please see (4) of this link @ http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

2) Change the port Remote Desktop listens on to port 443; this probably requires a change in the Registry (old: http://support.microsoft.com/kb/304304). But it is not something you will want to touch on a client machine.

Further, I would add that a user has had issues using it as well for RPC over HTTP/S; you may want to confirm the FW aspects against this in principle:
http://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/34685-unable-pass-rpc-over-https-trafic-through-web-application-security.html
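As an added example that is not part of the thread (it is neither the asker's nor the answerers' code): once the UTM's User Portal / SSL VPN has been moved off TCP/443 and the DNAT rule to the RD Gateway is in place, the check a practitioner wants is whether the public port now actually terminates on the gateway rather than on something the UTM still serves itself. The script below opens a TLS connection, sends an unauthenticated RPC-over-HTTPS request to the RPC proxy path that the Windows 2008 R2 RD Gateway uses (/rpc/rpcproxy.dll) and classifies the reply. The hostname rdg.example.com, and the expectation that IIS answers an anonymous request to that path with a 401 carrying a Negotiate/NTLM challenge, are assumptions; the sample responses in the block are constructed, not captured from a real gateway.

```python
# Added example (not from the thread): probe an Internet-facing TCP/443
# endpoint after the Sophos UTM DNAT rule is in place and report whether
# the port now reaches the RD Gateway's RPC-over-HTTPS proxy or still
# terminates on some other HTTPS service (e.g. the UTM User Portal).
import socket
import ssl
import sys
from typing import Dict, List, Tuple

# Unauthenticated probe. On Windows 2008 R2 the RD Gateway is RPC over HTTPS
# through IIS, and the /rpc virtual directory requires Windows authentication,
# so an anonymous request should be refused with 401 + Negotiate/NTLM before
# any RPC is processed (assumption based on IIS behaviour, not from the thread).
PROBE = (
    "RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1\r\n"
    "Host: {host}\r\n"
    "Connection: close\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Constructed sample responses so the classification logic runs offline.
SAMPLE_RDG = (
    b"HTTP/1.1 401 Unauthorized\r\nServer: Microsoft-IIS/7.5\r\n"
    b"WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_OTHER = b"HTTP/1.1 302 Found\r\nLocation: /\r\nContent-Length: 0\r\n\r\n"


def parse_http_head(raw: bytes) -> Tuple[int, Dict[str, List[str]]]:
    """Return (status code, lower-cased header map) for a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % lines[0])
    status = int(parts[1])
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def classify(status: int, headers: Dict[str, List[str]]) -> str:
    """Decide what is answering on the probed port from the status and headers."""
    auth = " ".join(headers.get("www-authenticate", [])).lower()
    server = " ".join(headers.get("server", [])).lower()
    if status == 401 and ("negotiate" in auth or "ntlm" in auth):
        # Windows authentication challenge: the DNAT lands on the gateway's RPC proxy.
        return "rd-gateway"
    if status == 401:
        return "other-auth-challenge"   # some other authenticated HTTPS service
    if "microsoft-iis" in server:
        return "iis-but-not-rpc-proxy"  # IIS answered, but /rpc is not present/protected
    return "not-rd-gateway"             # e.g. the UTM User Portal still owns TCP/443


def probe(host: str, port: int = 443, verify: bool = True, timeout: float = 5.0) -> str:
    """TLS-connect to host:port, send PROBE and classify the reply."""
    ctx = ssl.create_default_context()
    if not verify:  # only for a gateway still using a self-signed/untrusted cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(PROBE.format(host=host).encode("ascii"))
            raw = b""
            while b"\r\n\r\n" not in raw:      # read until the header block ends
                chunk = tls.recv(4096)
                if not chunk:
                    break
                raw += chunk
    status, headers = parse_http_head(raw)
    return classify(status, headers)


if __name__ == "__main__":
    # Offline self-check on the constructed samples, then the real probe.
    print("sample rdg   ->", classify(*parse_http_head(SAMPLE_RDG)))
    print("sample other ->", classify(*parse_http_head(SAMPLE_OTHER)))
    target = sys.argv[1] if len(sys.argv) > 1 else "rdg.example.com"  # assumed hostname
    print(target, "->", probe(target))
```

Run it from outside the UTM (a mobile connection is enough); anything other than "rd-gateway" means the DNAT, the firewall rule, or the port the User Portal was moved to still needs attention. A TLS handshake failure with verify=True is also a useful signal: it usually means the certificate presented on 443 belongs to the UTM, not to the gateway.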
