2/3/2024 0 Comments Microsoft remote desktop portsTo know which protocol is needed to contact the CRL distribution point for a certificate, open theĬertificate and go to the Details tab and look at the CRL Distribution Points To validate the client certificate during smart card authentication or when the certificate deployed on RD Gateway is an enterprise/standalone CA certificate. Note: The Certificate Revocation List is needed either If RD Gateway is configured withĪ custom authorization plug-in, contact the vendor of the authorization plug-in to find out which firewall rules are required for the RD Gateway authorization.įirewall rules between the perimeter network and the internal network to resolve the internal network resources:įirewall rules between the perimeter network and the internal network to forward RDP packets from client:įirewall rules between the perimeter network and the internal network to contact CRL distribution point to get the certificate revocation list: In Windows Server 2008 R2, RD Gateway can be configured to use non-native authorization methods through a custom authorization plug-in. Is configured with a custom authentication plug-in, contact the vendor of the authentication plug-in to find out which firewall rules are required for RD Gateway authentication.įirewall rules between the perimeter network (RD Gateway) and the internal network (domain controller) to authorize the user: Note: In Windows Server 2008 R2, RD Gateway can be configured to use non-native authentication methods through a custom authentication plug-in. To learn how to configure the registry values on AD for NTDS RPC service ports, see this Finally it makes a connection to the NTDS RPC service.įortunately, the Admin can make the NTDS RPC service on AD listen on a constant port by using a registry key. So RD Gateway talks to RPC Endpoint Mapper which listens on a constant port and gets the NTDS RPC service port number. Not know the port number on which NTDS RPC service is listening. The NTDS RPC service listens on an unused high end port. The RD Gateway server talks to the NT Directory Service (NTDS) RPC service on AD. On the internal firewall when the corresponding traffic (DNS, RADIUDS, RD Gateway Authentication, etc.) destination point is in the internal network.įirewall rules between the perimeter network (RD Gateway) and the internal network (Domain Controller) to authenticate the user: Here are the ports that need to be opened The internal firewall should allow all communication from the RD Gateway server to internal network resources. Port TCP:443 should be opened for allowing HTTPS traffic from the client sitting on the Internet to the RD Gateway server in the perimeter network.Ģ.Firewall rules for the path between the perimeter network and the internal network (Ports that need to be opened.Send RADIUS requests (in a central NPS server scenario)įor your convenience, I have included the Firewall rule configurations required when RD Gateway is in the perimeter network:ġ.Firewall rules for the path between the external network and the perimeter network (Ports that need to be opened Resolve the DSN names of internal resources In this deployment, RD Gateway needs the ports to be opened on the internal firewall for the following purposes: When there is no AD DS in the perimeter network, ideally the servers in the perimeter network should be in a workgroup, but the RD Gateway server has toīe domain-joined because it has to authenticate and authorize corporate domain users and resources. TCP (Port on which NTDS RPC service listens on AD) - I intend to use port 8600 and "lock" this port on the DC.Īnything else I need to be aware of? Thanks!Īccording to your description, I understand that you want to know the required ports opening in your firewall when you publish a RD Web Access and RD Gateway WMI traffic - I intend to "lock" this port on RDG and RD server.įrom RDG to domain controller on internal network: Is it correctly understood that I can use the same public certificate for both server roles, when the roles are placed on the same server?Īnd I will need just one IP adress for the RDG / RD web access server?Īnd I will need the following port openings in my firewall?įrom RDG to RD server on internal network: Public certificate (we do not want to use self-signed certificates). The RDG server will have a public DNS name -, with a The users will need to log on via a web page, so I plan to install the RD Web access role and the RDG role on the same server. The RD server will be placed on the internal network and My plan is to place the RDG server in the DMZ (we don't use ISA) and join the RDG server to the domain (we need to authenticate domain users). I'm about to publish a RD server via a RD Gateway (both servers will be Windows 2008 R2).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |