05-14-2020 11:47 PM
Hi,
we intend to purchase a Terminalserver (RDS Server) and therefore want to protect the RDP-access from the Internet (VPN / Homeoffice-use). But within our local network there shouldn`t be a DUO-security-control if we connect to the RDS-Server from our local clients while working in our company.
Is there a solution for this scenario? Maybe there is a filtering option in relation to the IP-address of the VPN-clients possible?
Thanks
05-15-2020 04:50 PM
You don’t even need VPN when using it for RDS as RDS has its own SSL gateway, though it won’t hurt except for reduced performance.
Set up RDS the way it should be: RD Gateway, RD Broker/Connection, RD Session Host.
Put Duo for RD Gateway on the RD Gateway server. Create a policy to trust the IP address of you work’s network.
When someone outside of your work’s network tries to reach your RDG, Duo will prompt.
When someone inside of your work’s network tries to reach your RDG, Duo will NOT prompt due to the policy you created.
This has been my setup since 2018. Good luck!
05-15-2020 11:19 PM
Alright. Many Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide