Terminal Services Gateway - DMZ or Internal

Posted on 2013-09-20
Medium Priority
Last Modified: 2013-09-23
I'd like to set up a Terminal Services Gateway server to support about 5-10 users. The software running on this server may be slightly complicated to set up firewall ports to allow traffic from the DMZ to the internal network, but not impossible. When using TS Gateway, is it best to place this server in the DMZ, or since this is using secure connections, is it safe to go ahead and leave this on the internal network? I'd like to maintain adequate security since we are a hospital, but I'm not quite sure how far to take it.

Question by:CMCITD

Accepted Solution

Ayman Bakr earned 2000 total points
ID: 39510993
TS Gateway needs to be joined to the internal network domain because it carries out user authentication and authorization. On the other hand, since it has to deal with external users, and to minimize security risks, it would inevitably have to be placed in the DMZ. But in this case you will have to open ports for communication to the AD, or otherwise have a domain controller in the DMZ (perhaps an RODC to minimize risks).

But the best design would be to place your TS Gateway in the internal network behind ISA in DMZ.
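The trade-off in the answer above is the set of ports opened from a DMZ-hosted gateway to Active Directory. The following is an added example, not part of the original post: it audits a constructed DMZ-to-internal rule list for over-broad rules and for missing domain-member ports. The host names (`tsgw`, `dc01`, `rdsh01`), the rule tuple format, and the core port list are assumptions to confirm against your own environment.

```python
# Added example: audit firewall rules from a DMZ TS Gateway to the internal network.
# Assumed core port set for a domain member talking to a DC; verify for your site.
REQUIRED_TO_DC = {
    ("tcp", 53), ("udp", 53),      # DNS
    ("tcp", 88), ("udp", 88),      # Kerberos
    ("udp", 123),                  # Windows Time
    ("tcp", 135),                  # RPC endpoint mapper
    ("tcp", 389), ("udp", 389),    # LDAP and DC locator
    ("tcp", 445),                  # SMB (Group Policy, Netlogon)
}
RPC_DYNAMIC = range(49152, 65536)  # default dynamic RPC range, Server 2008 and later
RDP_TO_HOSTS = {("tcp", 3389)}     # gateway to the RDP hosts it publishes

def allowed(dst, dcs, rdp_hosts):
    """Return the (proto, port) pairs the gateway may reach on dst."""
    ok = set()
    if dst in dcs:
        ok |= REQUIRED_TO_DC | {("tcp", p) for p in RPC_DYNAMIC}
    if dst in rdp_hosts:
        ok |= RDP_TO_HOSTS
    return ok

def audit(rules, gateway, dcs, rdp_hosts):
    """rules: (src, dst, proto, low_port, high_port). Returns (findings, missing)."""
    findings, covered = [], set()
    for src, dst, proto, lo, hi in rules:
        if src != gateway:
            continue
        opened = {(proto, p) for p in range(lo, hi + 1)}
        extra = opened - allowed(dst, dcs, rdp_hosts)
        if extra:  # rule opens more than the gateway needs on this destination
            findings.append((dst, proto, lo, hi, len(extra)))
        if dst in dcs:
            covered |= opened & REQUIRED_TO_DC
    return findings, sorted(REQUIRED_TO_DC - covered)

# Constructed sample rule set (not from the original post).
RULES = [
    ("tsgw", "dc01", "tcp", 53, 53), ("tsgw", "dc01", "udp", 53, 53),
    ("tsgw", "dc01", "tcp", 88, 88), ("tsgw", "dc01", "udp", 88, 88),
    ("tsgw", "dc01", "tcp", 135, 135), ("tsgw", "dc01", "tcp", 389, 389),
    ("tsgw", "dc01", "tcp", 445, 445), ("tsgw", "dc01", "tcp", 49152, 65535),
    ("tsgw", "rdsh01", "tcp", 3389, 3389),
    ("tsgw", "any", "tcp", 1, 65535),  # shortcut rule that defeats the DMZ
]

if __name__ == "__main__":
    print(audit(RULES, "tsgw", {"dc01"}, {"rdsh01"}))
```

Each finding is `(destination, protocol, low, high, count of unneeded ports)`; the second value lists required domain ports that no rule covers.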

Expert Comment

by:Jian An Lim
ID: 39511000
If you are not just looking at a Microsoft-related solution, you might want to look at a Juniper solution, the SA2000.
