Thanks for all the suggestions, folks!  While very nichey and sure not to
be a wildly popular function, it would be nice to see
"policy-routing/NATing" based on matching an ACL which can make decisions
based on data from the higher layers.

His setup is one comprised solely of virtual hosts and networks (excluding
the router/firewall, which runs on its own hardware) under an ESX
environment.  They have about 12 customers, and each has VMs and their own
L2 network and hosts.

For now it looks as if the jump host will be the best go.  Have one set up
where all the clients connect to, and based upon who they log in as, it will
determine what they see/have access to.

The VPN idea is a good one but they would rather not add more gears to the
machine which may generate support issues.


thanks again and have a great weekend,
greg




On Thu, Mar 27, 2014 at 6:37 PM, Jonathan Bainbridge
<[email protected]> wrote:

> Remote Desktop Gateway, built into Windows 2008 and 2012. Put it behind
> the pfSense, port forward the rdp port to the RDG. It authenticates the
> user and the user can connect to any internal machine.
> In the Remote Desktop Connection you can enter the information for the
> RDG. Protect using an SSL on the RDG.
> Bonus, you can also set up Remote Desktop Web Services so you can have
> programs on Terminal Services available... Note, that part DOES require IE.
> On Mar 27, 2014 2:37 PM, "greg whynott" <[email protected]> wrote:
>
>> Hello,
>>
>> I'm not very familiar with TMG from Microsoft but a client I am helping
>> migrate to pfsense from TMG has asked me if they'll be able to use the RDP
>> port forward in the same way as TMG handles it.
>>
>>
>> Apparently there is a function within TMG which acts similar to name-based
>> virtual web hosts, where it parses the DNS name from the request and
>> makes a forwarding decision based on that bit of information.
>>
>> For example,  the firewall only has 1 public IP facing the internet.
>>
>> if you RDP to:     you'll land on the internal server:
>>
>> host1.foo.com      10.101.1.2
>> host2.foo.com      10.101.3.4
>> host3.foo.com      10.101.1.8
>>
>>
>> host1,2 and 3 all resolve to the same public IP.  And we are not
>> specifying ports.
>>
>> That is the behaviour he is hoping to achieve,  where he can RDP to
>> various internal machines without referencing ports.
>>
>>
>> Sound do-able?    If pfsense can not do this,  are you aware of anything
>> out there that can aside from TMG?
>>
>> -g
>>
>> _______________________________________________
>> List mailing list
>> [email protected]
>> https://lists.pfsense.org/mailman/listinfo/list
>>
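Whether a firewall can forward RDP by hostname comes down to whether the name is present in the first bytes the client sends, since TCP/IP alone carries only the shared public IP and port. As an added example that is not part of this thread, the Python below parses the TLS SNI extension out of a ClientHello and looks the name up in the host1/host2/host3 table from the question; it assumes the RDP client wraps the connection in TLS and sends SNI, which the thread does not establish. If the client does not, the firewall has nothing to route on, which is the case the gateway/jump host answers above cover.

```python
import struct

# Constructed routing table from the question: hostname -> internal RDP host.
ROUTES = {
    "host1.foo.com": "10.101.1.2",
    "host2.foo.com": "10.101.3.4",
    "host3.foo.com": "10.101.1.8",
}

def build_client_hello(server_name: str) -> bytes:
    """Constructed test input: minimal TLS 1.2 ClientHello record carrying only an SNI extension."""
    name = server_name.encode()
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name        # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x00" * 32            # client_version, random
            + b"\x00"                             # session_id length 0
            + b"\x00\x02\x00\x2f"                 # one cipher suite
            + b"\x01\x00"                         # one (null) compression method
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(data: bytes):
    """Return the host_name from a TLS ClientHello's SNI extension, or None if absent/malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # not a handshake record / not a ClientHello
            return None
        pos = 9 + 2 + 32                          # skip record + handshake headers, version, random
        pos += 1 + data[pos]                      # session_id
        pos += 2 + struct.unpack("!H", data[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + data[pos]                      # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", data[pos:pos + 4])
            pos += 4
            if etype == 0:                        # server_name: list length, then type(1)+len(2)+name
                p = pos + 2
                if data[p] == 0:
                    nlen = struct.unpack("!H", data[p + 1:p + 3])[0]
                    return data[p + 3:p + 3 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def route(first_bytes: bytes):
    """Pick the internal target from the client's first record; None means no name-based decision is possible."""
    name = extract_sni(first_bytes)
    return ROUTES.get(name) if name else None
```

A plaintext RDP connection request (TPKT header starting with 0x03) yields None from route(), which is exactly the situation where only a gateway that authenticates the user can pick the destination.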
