Server 2016 Remote Web Workplace and Remote Desktop Gateway using WAF

Question

Hi 
 I have a Server 2016 Standard server with the Essential options enabled. I try now to enable both Remote Web Workplace and Remote Desktop Gateway. 
 I've used following KB: 
 https://community.sophos.com/kb/en-us/126103 
 both policy work individualy, but not together. The KB sugest to setup 2 policies, but then I cannot use the same DNS name in Domains section. It will error. 
 I tryed several combinations of policy settings. either RWW or RDG works, but never together. 
 I could setup a policy with only NAT. It works, but then i have no protection. 
 Any sugestions? 
 Nico.

AADD · Answer

This is the combined policy and one rule solution of https://community.sophos.com/kb/en-us/126103 for use with one FQDN for both RD Web and RD Gateway services. It has been tested with Windows 2012R2. Per Nico's post each KB126103 policy worked with Windows 2016 seperatly for each service, so this combined policy and one rule solution should work. Please post if this works for Windows 2016. 
 
 Configure Protection Policy 
 First we need to set up the combined RDS Web Access Protection and RDS Web Gateway Protection policy. 
 RDS Web Gateway Protection Policy Configuration

Navigate to Web Server > Protection Policies and click Add . 
 Fill in the fields as shown below.

Name: Microsoft RD Web Gateway 2012R2 
 Pass Outlook Anywhere: Enabled 
 Mode: Reject 
 Static URL Hardening: Enabled
 
 /rpc/* 
 /rpcWithCert/* 
 /rpc/rpcproxy.dll?localhost:3388 
 /rpc/rpcproxy.dll

Form Hardening: Disabled 
 Antivirus: Disabled 
 Block clients with bad reputation: Enabled 
 Skip remote lookups for clients with bad reputation: Disabled 
 Common Threat Filter: Enabled (All Selected) 
 Rigid Filtering: Disabled 
 Skip Filter Rules: 
 
 960032 
 960035 
 960911 
 981172 (added from RD Web Specific policy) 
 981176 
 981204

Click on Save . 
 
 Configure Firewall rule 
 RDS Web Access Rule 
 
 Navigate to Firewall. 
 Click Add Firewall Rule and select Business Application Rule from the drop down menu. 
 Select the Microsoft Remote Desktop Gateway 2008 and R2 template 
 Fill in the required details:
 
 Rule Name 
 Hosted Address 
 Listening Port 
 Certificate 
 Domains 
 Protected Server

Go to Exceptions 
 
 Add Path /RDWeb/* 
 Set Sources 
 Check Static URL Hardening 
 Click Save 
 (You can also add additional exceptions for lowercase variations such as /rdweb/)

Go to the Advanced section at the bottom of the Firewall rule and click the drop-down box beneath to Protection. 
 Now select Microsoft RD Web Gateway 2012R2

sachingurung · Answer

Hi Luk, 
 As per our conversation, there is no plan to implement new features in the upcoming releases as we are explicitly focusing on polishing the present features of the XG firewall. 
 Thanks

juergenb52 · Answer

Hi, 
 i want to spare some Information that i got hold of today. 
 Internal sales of Sophos said: not before 2019

Server 2016 Remote Web Workplace and Remote Desktop Gateway using WAF

Configure Firewall rules

Configure Firewall rules