Friday, July 22, 2011

Publishing Remote Desktop Gateway (RDG) with TMG 2010

I recently had the pleasure of creating a Remote Desktop Services (RDS), Remote Desktop Gateway (RDG) and RemoteApp environment for a client. This was a bit more technical and involved than I originally envisioned, no thanks to the scant documentation that exists. I will detail all that in a later blog post; for now I will focus on publishing your RDG, RDS and RA environment through a Microsoft TMG 2010 Firewall.

First we have to create an SSL Listener:
  1. Specify an IP address for the Listener
  2. Enable both HTTP and SSL connections
  3. For HTTP to HTTPS redirection, select “Redirect all traffic from HTTP to HTTPS”
  4. On the Certificates tab select “Use a single certificate for this web listener” and select an appropriate certificate
  5. Authentication should be set to “No Authentication”
Now we create the actual publishing rule:
  1. Allow
  2. From Anywhere
  3. To – Your RDSG IP or Host – Forward original host header – request appears to come from TMG
  4. Traffic HTTPS
  5. Listener – Select the one we created earlier
  6. Public name – This is the Public DNS name
  7. Paths should be /rdsweb/* and /rpc/*
  8. Authentication delegation – “No Delegation, client may authenticate directly”
These were the steps I had to take to successfully and securely publish the client's RDSG to the internet.  Once again I found the existing documentation to be lacking in the extreme.  Hope this helps someone out there.
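To confirm that the listener and rule behave as configured, the following PowerShell check (an added example, not part of the original post) probes the HTTP redirect, the two published paths and one unpublished path. `rdg.example.com` and `/not-published/` are placeholders, and the pass criteria are assumptions about how a listener and rule set up as above should answer.

```powershell
# Added example: probe the published names from outside the network.
# rdg.example.com is a placeholder for the rule's public DNS name.
param([string]$PublicName = 'rdg.example.com')

function Get-Probe {
    param([string]$Url)
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false      # show the redirect instead of following it
    $req.Timeout = 10000
    $resp = $null; $failure = $null
    try { $resp = $req.GetResponse() }
    catch {
        # 4xx/5xx answers and TLS trust failures arrive as a (wrapped) WebException
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex) { $resp = $ex.Response; $failure = $ex.Status }
        else { $failure = $_.Exception.Message }
    }
    $status = $null; $location = $null
    if ($resp) {
        $status = [int]$resp.StatusCode
        $location = $resp.Headers['Location']
        $resp.Close()
    }
    New-Object PSObject -Property @{ Url = $Url; Status = $status; Location = $location; Failure = $failure }
}

# Expectations are assumptions derived from the listener and rule settings above.
$checks = @(
    @{ Url = "http://$PublicName/rdsweb/"; Expect = 'redirect to https'
       Test = { param($p) $p.Status -ge 300 -and $p.Status -lt 400 -and $p.Location -like 'https://*' } },
    @{ Url = "https://$PublicName/rdsweb/"; Expect = 'answered, certificate trusted'
       Test = { param($p) $null -ne $p.Status } },
    @{ Url = "https://$PublicName/rpc/"; Expect = 'answered, certificate trusted'
       Test = { param($p) $null -ne $p.Status } },
    @{ Url = "https://$PublicName/not-published/"; Expect = 'refused (path not in rule)'
       Test = { param($p) $p.Status -ge 400 } }
)

foreach ($c in $checks) {
    $p = Get-Probe $c.Url
    $p | Add-Member NoteProperty Expect $c.Expect
    $p | Add-Member NoteProperty Pass ([bool](& $c.Test $p))
    $p | Select-Object Pass, Expect, Status, Failure, Location, Url
}
```

Run it from a machine outside the network so the requests arrive at the TMG listener; a `Failure` of `TrustFailure` on the HTTPS rows means the listener certificate is not trusted for the public name.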