APM App Tunnel Remote Desktop Setup

Question

I'm trying to get our old Firepass solution working on our LTM right now. Client logs in via two factor auth and is presented with a full webtop. The RDP access is setup as an App Tunnel. The client clicks on the RDP object and it launches the mstsc.exe file without any issues. I'm running into an issue where the resource item applied to the Remote_Desktop App Tunnel only seems to be allowing a Host Name or IP Address. I would like my clients to be able to RDP an entire subnet of addresses (10.10.0.0/16). Anyone know if this is possible when setting up an App Tunnel?

kunjan · Answer

If you leave the parameters field empty, you should be able to connect RDP server as required. Then apply ACL to restrict the target servers.&nbsp;

thexfactor82_91 · Answer

The Parameter field is empty. It is the Destination (Host Name or IP Address) that seems to be required. Can I put a subnet in this field? I've tried entering 10.10.0.0/24 but then it just blanks it out and doesn't work.&nbsp;
&nbsp;
&nbsp;

kunjan · Answer

You can specify a dummy IP there. It uses the Host and port information, if you configure in the parameters list for eg: /v:%HOST%:%PORT%
If not mstsc will be launched and you can specify the target IP address.

thexfactor82_91 · Answer

I believe what you suggested in the first post is what I'm looking for. I want to launch mstsc.exe and give the client the option of connecting to any PC on the network via RDP.&nbsp;
I do not have an ACL applied to the APM so I don't know why it's not working.&nbsp;
If I understand you correctly I should just have to...&nbsp;
Put a dummy IP into the destination fieldLeave the Parameters field emptyApply ACL to APM policy to restrict access to subnet (10.10.0.0/24)
Does this sound correct? The dummy IP in the destination field is confusing to me as when I put my laptop destination IP in this field I am success at connecting to it remotely. I just want to be able to connect to all the laptops and not just mine.&nbsp;

kunjan · Answer

Yes, correct. You can change the target once launched, not just the IP configured.&nbsp;

Forum Discussion

APM App Tunnel Remote Desktop Setup

9 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Two-Factor Authentication – Remote Desktop Gateway

Remote Desktop Protocol (RDP) using an SSL VPN

Hitting the Easy Button: Securing the Remote Desktop on F5 BIG-IP APM

Lightboard Lessons: Remote Desktop Solution Using BIG-IP APM and Remote Spark

SSL VPN Split Tunneling and Office 365