Web Application Firewall: Remote Desktop Gateway support
Similar to support for Outlook Anywhere, it would be really beneficial if the WAF allowed for the publishing of Remote Desktop Gateway and handled those methods. RDGOUTDATA followed by RPCINDATA and RPCOUTDATA, and including /RemoteDesktopGateway in the request. It seems like common functionality that many customers must be looking for...
really need this for RD gateway on Windows 2016 (2012R2)
it only works for Win2008
it should not be necessary to request this feature.
Craig Wilson commented
Still not working in UTM 9.506-2
Really need to get this working folks..
Is there any update on when this feature will *fully* support server 2012 R2 native RPC functionality in WAF? The workaround allows you to use WAF to publish RDWeb and RDG in 2008 fallback mode, but this prevents the UDP transport and session optimisation features for RD 2012 R2 from working. Server 2016 is now out and we can still only deploy RDG functionality from 9 years ago??
David Schreider commented
I am also trying to use WAF to connect single public IP on 443 to Server1(Exchange/owa/ecp/RDGateway) as well as running remote desktop services/RDWeb on Server2
I am able to get everything but RDGateway to work. It will not establish a connection. Both servers running Server 2016
Johnny Braun commented
Same problem also persists in 2017 with 9.501...
WAF is not able to forward RD Gateway to a Server 2016.
Stubenrauch Gerhard commented
I need this feature for Microsoft RDP Gateway
Note that all of these ideas seem to be the same, and the last topic in the list has a response that it is already possible:
Web Application Firewall: Remote Desktop Gateway support (201 votes)
ID33532 9.209 RDWeb via WAF is not possible on customers site (10 votes)
Enable the use of the WAF as a front end for Remote Desktop Gateway. (13 votes)
Web Applikation Firewall: Web-Access for Remote Desktop (6 votes)
Web Application Security: Remote Desktop Support (90 votes)
In reply to the last topic, Sophos says:
ALREADY POSSIBLE ·
Alan Toews (Sr. Product Manager, Sophos Features & Ideas Laboratory) responded
Enabling Outlook anywhere support in UTM WAF will allow MSRPC over HTML support, which is all that is necessary to support MS RDP services
I am frustrated that this is still an issue with firmware 9.4.
Joel Baker commented
Being able to use web publishing was the primary reason for using a UTM over cheaper alternatives like SonicWALL. Now that it no longer works for server 2012r2, my clients can no longer use the web publishing feature and they have to NAT to a single server instead. Can no longer justify the extra cost of the UTM. Come on guys, surely you can extend the feature to support 2012R2 RDG and then get some sales back!!!
Come on, you really need to pull the proverbial finger out here and sort this bit of key functionality out that A LOT of people actually need to use. It's absolutely mind boggling that this functionality is missing in the first place. UTM is a great product but the lack of this feature lets it down massively, so please, please, please make Remote Desktop Gateway services working through the WAF! :)
Joel Baker commented
Feature used a lot with small business clients on SBS 2011, need the same functionality for 2012 R2.
need rpg over https
need it really!!!
Martin Tarala commented
User giomoda has found the cause of the iOS/Android RD gateway problem. https://www.astaro.org/gateway-products/web-protection-web-filtering-application-visibility-control/52573-rdp-via-android-ios-application-blocked-utm.html#post280117
It looks like a tweak to the Web interface for firewall exceptions will fix the problem.
I configured WAF for Server 2012 R2 Remote Desktop Gateway. I'm able to connect with the Windows 7 integrated Remote Desktop client. But the Windows 8 / iOS / Android Remote Desktop client didn't work. It couldn't be so hard to fix this. Please do IT!
Markus Greiner commented
This feature is important, because with the remote desktop gateway I hope to use the remote desktop client apps on ios and windows.
I need to update my current UTMs, and it won't be with Sophos unless this feature can be added very soon
Please add a pass through RPC RDP Gateway Traffic feature to the WAF like Outlook Anywhere