
Server 2016 Remote Web Workplace and Remote Desktop Gateway using WAF

Hi

I have a Server 2016 Standard server with the Essential options enabled. I am now trying to enable both Remote Web Workplace and Remote Desktop Gateway.

I've used the following KB:

https://community.sophos.com/kb/en-us/126103

Both policies work individually, but not together. The KB suggests setting up 2 policies, but then I cannot use the same DNS name in the Domains section. It will error.

I tried several combinations of policy settings. Either RWW or RDG works, but never together.

I could set up a policy with only NAT. It works, but then I have no protection.

Any suggestions?

Nico.



This thread was automatically locked due to age.
  • This is the combined policy and one rule solution of https://community.sophos.com/kb/en-us/126103 for use with one FQDN for both RD Web and RD Gateway services. It has been tested with Windows 2012R2. Per Nico's post, each KB126103 policy worked with Windows 2016 separately for each service, so this combined policy and one rule solution should work. Please post if this works for Windows 2016.

     

    Configure Protection Policy

    First we need to set up the combined RDS Web Access Protection and RDS Web Gateway Protection policy.

    RDS Web Gateway Protection Policy Configuration

      1. Navigate to Web Server > Protection Policies and click Add.
      2. Fill in the fields as shown below.

      • Name: Microsoft RD Web Gateway 2012R2
      • Pass Outlook Anywhere: Enabled
      • Mode: Reject
      • Static URL Hardening: Enabled
        • /rpc/*
        • /rpcWithCert/*
        • /rpc/rpcproxy.dll?localhost:3388
        • /rpc/rpcproxy.dll
      • Form Hardening: Disabled
      • Antivirus: Disabled
      • Block clients with bad reputation: Enabled
      • Skip remote lookups for clients with bad reputation: Disabled
      • Common Threat Filter: Enabled (All Selected)
      • Rigid Filtering: Disabled
      • Skip Filter Rules:
        • 960032
        • 960035
        • 960911
        • 981172 (added from RD Web Specific policy)
        • 981176
        • 981204
      3. Click on Save.

    Configure Firewall rule

    RDS Web Access Rule

    1. Navigate to Firewall.
    2. Click Add Firewall Rule and select Business Application Rule from the drop down menu.
    3. Select the Microsoft Remote Desktop Gateway 2008 and R2 template
    4. Fill in the required details:
      • Rule Name
      • Hosted Address
      • Listening Port
      • Certificate
      • Domains
      • Protected Server
    5. Go to Exceptions
      • Add Path /RDWeb/*
      • Set Sources
      • Check Static URL Hardening
      • Click Save
      • (You can also add additional exceptions for lowercase variations such as /rdweb/)
    6. Go to the Advanced section at the bottom of the Firewall rule and click the drop-down box beneath to Protection.
    7. Now select Microsoft RD Web Gateway 2012R2
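
To check which request paths the combined policy covers, the following added example (not part of the original post and not Sophos code) classifies request URLs against the Static URL Hardening entries and the /RDWeb/* exception listed above. It assumes case-sensitive matching with `*` as a trailing wildcard only; the function names and sample requests are constructed for illustration.

```python
# Added illustration: models the combined policy's path lists from the post.
# Assumption: matching is case-sensitive and "*" is only a trailing wildcard.
ENTRY_URLS = [                      # Static URL Hardening entries (from the post)
    "/rpc/*",
    "/rpcWithCert/*",
    "/rpc/rpcproxy.dll?localhost:3388",
    "/rpc/rpcproxy.dll",
]
HARDENING_EXCEPTIONS = ["/RDWeb/*"]  # rule exception that skips hardening

def matches(pattern, url):
    """Trailing '*' means prefix match; anything else must match exactly."""
    if pattern.endswith("*"):
        return url.startswith(pattern[:-1])
    return url == pattern

def classify(url):
    """Return (verdict, matching pattern) for one request URL."""
    for pattern in HARDENING_EXCEPTIONS:
        if matches(pattern, url):
            return ("exception", pattern)
    for pattern in ENTRY_URLS:
        if matches(pattern, url):
            return ("entry-url", pattern)
    return ("unlisted", None)

def audit(urls):
    """Group request URLs by verdict so unlisted ones stand out."""
    report = {"exception": [], "entry-url": [], "unlisted": []}
    for url in urls:
        report[classify(url)[0]].append(url)
    return report

# Constructed sample requests (not taken from a real log).
SAMPLE_REQUESTS = [
    "/RDWeb/Pages/en-US/login.aspx",
    "/rdweb/Pages/en-US/login.aspx",   # lowercase variant
    "/RDWeb",                          # no trailing slash
    "/rpc/rpcproxy.dll?localhost:3388",
    "/rpcWithCert/rpcproxy.dll",
]

if __name__ == "__main__":
    for verdict, urls in audit(SAMPLE_REQUESTS).items():
        print(verdict, urls)
```

Paths reported as unlisted are the ones to compare against the entry URLs and exceptions when one of the two services fails behind the single rule.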
  • AADD.

     

    Thank you for your findings, and I can confirm that it worked with Windows Server 2016 RD Gateway, just some small tweaks if I remember correctly.

    Thanks

    Rickard
