right.. MS must be proxying the RDP connections then, perhaps. I don't have access to a MS setup as such, but it would be interesting to do a trace to see if the connection is between the TMG and the client, or between the 'real' source and the client. If it's between the client and the real source they must be doing some magic there.
thanks again guys and have a great week!

greg

On Fri, Mar 28, 2014 at 11:46 PM, Chris Buechler <[email protected]> wrote:
> On Fri, Mar 28, 2014 at 9:54 AM, greg whynott <[email protected]> wrote:
> > thanks for all the suggestions folks! While very niche and sure not to be
> > a wildly popular function, it would be nice to see "policy-routing/nating"
> > based on matching an ACL which can make decisions based on data from the
> > higher layers.
>
> It's not that simple. What you have to do in the back end for
> something along those lines is ugly: you have to terminate the
> connection on the firewall, then have a proxy of some sort make the
> connection to the back end. Not bad for web servers, web reverse
> proxies have been common for quite some time, but for something like
> RDP it's ugly. In the described circumstance, it's impossible to know
> the hostname until well past the TCP session being established, so
> it's impossible to just port forward the TCP connection to the
> appropriate back end server. For something like this, Microsoft's
> remote desktop gateway is the best bet under the constraints noted
> here.
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
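The "terminate on the firewall, then proxy" approach Chris describes, as an added example that is not part of the thread and not pfSense code. It is a minimal hostname-routing TCP proxy: the back end can only be picked after accept(), once the client has sent enough application data to carry a hostname. For HTTP that is the Host header in the first bytes; an RDP X.224 Connection Request (the first thing an RDP client sends) carries at most a routing cookie or protocol negotiation request, never a destination hostname, so peeking at it gives the proxy nothing to route on. The host names, ports, back ends and routing table are constructed for the demo.

```python
"""Added example: hostname-based routing by terminating the TCP session on the
proxy and opening a second connection to the chosen back end. Names, ports and
the routing table are constructed for the demo."""
import socket
import socketserver
import threading

HEAD_LIMIT = 8192  # stop buffering if no end-of-headers arrives within this many bytes


def http_host(head: bytes):
    """Host header (lower-cased, port stripped) from an HTTP request head, else None."""
    lines = head.split(b"\r\n")
    req = lines[0].split(b" ")
    if len(req) != 3 or not req[2].startswith(b"HTTP/"):
        return None
    for line in lines[1:]:
        if line == b"":
            break
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().lower().split(b":")[0]
    return None


def is_rdp_connection_request(head: bytes) -> bool:
    """TPKT header (03 00 len len) followed by an X.224 Connection Request (0xE0).
    This PDU carries no target hostname, so there is nothing here to route on."""
    return len(head) >= 7 and head[0] == 0x03 and head[1] == 0x00 and head[5] == 0xE0


def choose_backend(head: bytes, routes: dict):
    """(ip, port) for the request, or None when nothing routable is present."""
    host = http_host(head)
    return routes.get(host) if host else None


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF too."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class _ProxyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        client = self.request
        client.settimeout(5)
        head = b""
        # TCP is already established here; only now can we look inside the stream.
        while b"\r\n\r\n" not in head and len(head) < HEAD_LIMIT:
            chunk = client.recv(4096)
            if not chunk:
                return
            head += chunk
        target = choose_backend(head, self.server.routes)
        if target is None:  # unknown Host, or not HTTP at all (e.g. an RDP client)
            client.sendall(b"HTTP/1.1 421 Misdirected Request\r\n"
                           b"Content-Length: 0\r\nConnection: close\r\n\r\n")
            return
        with socket.create_connection(target, timeout=5) as backend:
            backend.sendall(head)  # replay the bytes consumed while deciding
            t = threading.Thread(target=_pump, args=(backend, client), daemon=True)
            t.start()
            _pump(client, backend)
            t.join()


class _BackendHandler(socketserver.BaseRequestHandler):
    """Stand-in origin server (constructed): answers any request with its own name."""
    def handle(self):
        self.request.settimeout(5)
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = self.request.recv(4096)
            if not chunk:
                return
            buf += chunk
        body = self.server.name
        self.request.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                             b"Connection: close\r\n\r\n%s" % (len(body), body))


def _serve(handler, **attrs) -> int:
    """Start a threaded TCP server on an ephemeral loopback port; return the port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    for k, v in attrs.items():
        setattr(srv, k, v)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def fetch(port: int, host: bytes) -> bytes:
    """Send one GET through the proxy and return the raw response."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: " + host + b"\r\nConnection: close\r\n\r\n")
        out = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                return out
            out += chunk


def demo() -> dict:
    """Two constructed back ends behind one proxy port; routing decided per Host."""
    routes = {
        b"app1.example.test": ("127.0.0.1", _serve(_BackendHandler, name=b"backend-1")),
        b"app2.example.test": ("127.0.0.1", _serve(_BackendHandler, name=b"backend-2")),
    }
    proxy = _serve(_ProxyHandler, routes=routes)
    return {h: fetch(proxy, h).split(b"\r\n\r\n", 1)[1] for h in
            (b"app1.example.test", b"app2.example.test", b"nowhere.example.test")}


if __name__ == "__main__":
    print(demo())
```

The point of the example is where the routing decision sits: it happens inside handle(), after the three-way handshake and after the client's first bytes have been read, which is exactly why a plain port forward (decided at SYN time) cannot do it. Feed the proxy an RDP connection request instead of HTTP and choose_backend() returns None, because the X.224 PDU names no destination.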
