Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

RD WEb Windows 2008R2

Posted on 2013-12-19
5
Medium Priority
?
1,370 Views
Last Modified: 2014-01-14
I am looking to configure RDweb.  I have two questions can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.  Second Question is on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?

Thanks in advance..
0
Comment
Question by:mbaez2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39731536
Hi mbaez2009,

...can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.
Apart from the certificate, are you going to be publishing a Full Desktop or a RemoteApp? Keep in mind that when publishing a Full Desktop using RD Web Access you cannot get rid of the security warning and you will not be able to make it SSO.

This is explained here: http://microsoftplatform.blogspot.com/2011/05/rd-webaccess-and-unknown-publisher.html

Furthermore, this explains even more about RDS and certificates in general: http://blog.kristinlgriffin.com/2010/08/minimum-certificate-requirements-for.html

You could do a wildcard for the SSL too.

...on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?
If you use RDWeb and RD Gateway then all you need is TCP port 443.  If you only use RDWeb then you would need TCP port 443 for RDWeb and TCP port 3389 (by default) for RDP, but I'd recommend installing RD Gateway if you have not already done so because with that installed traffic flows through 443 rather than 3389, which is a widely known networking attack vulnerability (not recommended to open 3389 ever!). Here are some guides for installing RD Gateway:

Here are a list of ports used in an RDS deployment: http://social.technet.microsoft.com/wiki/contents/articles/16164.what-ports-are-used-by-a-rds-deployment.aspx This means again if you use RD Gateway REWeb will operate over TS Gateway on port 443, which will be the only port needing to be forwarded.

Provided that you have different servers for Exchange and RDWeb, you can forward a different port, say 444, on your external IP to 443 on the internal IP of your RDWeb box. This allows you to leave 443 on the external IP forwarding to 443 on the internal IP of your Exchange box.

This only requires a single external IP. The only difference is when connecting to your RDWeb gateway (from outside) the URL will have to specify the external port number that you chose when creating the second NAT rule:
1.1.1.1:443 = <internal_IP1>:443  (NAT Policy for Exchange)
1.1.1.1:444 = <internal_IP2>:443  (NAT Policy for RDWeb)
Let me know how it goes!
0
 

Author Comment

by:mbaez2009
ID: 39731758
I will be using it for bot RDweb and apps.  Where should I put the Gateway Server.  I setup the session host on a terminal Server.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 39732406
Ideally you would go for 2012 R2 instead of 2008 R2 as RDP in general is WAY WAY better and the setup WAY easier.
My home setup for example uses RD Web Access and RD Gateway on the same machine, with only port TCP 443 opened from the external interface to the internal IP of that particular server.
In total I have three machines (VMs).
- Domain Controller and RD Connection Broker on VM1.
- RD Web Access and RD Gateway on VM2.
- RD Session Host on VM3.
Wildcard certificate used (single certificate so I can use on all VMs).
Clients can connect to anywhere over port 443 (iOS, Android, Mac, Windows 7/8/8.1).

CR
0
 

Author Comment

by:mbaez2009
ID: 39732456
Ok Thanks I have to different clients to implement so I will play with both.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39738999
Any updates?
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this article, we’ll look at how to deploy ProxySQL.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question