Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1418
  • Last Modified:

RD WEb Windows 2008R2

I am looking to configure RDweb.  I have two questions can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.  Second Question is on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?

Thanks in advance..
0
mbaez2009
Asked:
mbaez2009
  • 2
  • 2
1 Solution
 
Blue Street TechLast KnightsCommented:
Hi mbaez2009,

...can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.
Apart from the certificate, are you going to be publishing a Full Desktop or a RemoteApp? Keep in mind that when publishing a Full Desktop using RD Web Access you cannot get rid of the security warning and you will not be able to make it SSO.

This is explained here: http://microsoftplatform.blogspot.com/2011/05/rd-webaccess-and-unknown-publisher.html

Furthermore, this explains even more about RDS and certificates in general: http://blog.kristinlgriffin.com/2010/08/minimum-certificate-requirements-for.html

You could do a wildcard for the SSL too.

...on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?
If you use RDWeb and RD Gateway then all you need is TCP port 443.  If you only use RDWeb then you would need TCP port 443 for RDWeb and TCP port 3389 (by default) for RDP, but I'd recommend installing RD Gateway if you have not already done so because with that installed traffic flows through 443 rather than 3389, which is a widely known networking attack vulnerability (not recommended to open 3389 ever!). Here are some guides for installing RD Gateway:

Here are a list of ports used in an RDS deployment: http://social.technet.microsoft.com/wiki/contents/articles/16164.what-ports-are-used-by-a-rds-deployment.aspx This means again if you use RD Gateway REWeb will operate over TS Gateway on port 443, which will be the only port needing to be forwarded.

Provided that you have different servers for Exchange and RDWeb, you can forward a different port, say 444, on your external IP to 443 on the internal IP of your RDWeb box. This allows you to leave 443 on the external IP forwarding to 443 on the internal IP of your Exchange box.

This only requires a single external IP. The only difference is when connecting to your RDWeb gateway (from outside) the URL will have to specify the external port number that you chose when creating the second NAT rule:
1.1.1.1:443 = <internal_IP1>:443  (NAT Policy for Exchange)
1.1.1.1:444 = <internal_IP2>:443  (NAT Policy for RDWeb)
Let me know how it goes!
0
 
mbaez2009Author Commented:
I will be using it for bot RDweb and apps.  Where should I put the Gateway Server.  I setup the session host on a terminal Server.
0
 
Cláudio RodriguesFounder and CEOCommented:
Ideally you would go for 2012 R2 instead of 2008 R2 as RDP in general is WAY WAY better and the setup WAY easier.
My home setup for example uses RD Web Access and RD Gateway on the same machine, with only port TCP 443 opened from the external interface to the internal IP of that particular server.
In total I have three machines (VMs).
- Domain Controller and RD Connection Broker on VM1.
- RD Web Access and RD Gateway on VM2.
- RD Session Host on VM3.
Wildcard certificate used (single certificate so I can use on all VMs).
Clients can connect to anywhere over port 443 (iOS, Android, Mac, Windows 7/8/8.1).

CR
0
 
mbaez2009Author Commented:
Ok Thanks I have to different clients to implement so I will play with both.
0
 
Blue Street TechLast KnightsCommented:
Any updates?
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now