Forum Discussion

f5beginner
Sep 09, 2019

F5 as RDP GW

Hi All,

I'm running BIG-IP version 14.1.0.6.

I want to use the F5 as an RDP gateway, instead of Windows RDP.

I set up the RDP GW via iApp and created an NTLM account.

But it does not work.

Here are logs from F5:

1.1.1.1 Authentication with configuration (/Common/F5_RDP_GW.app/F5_RDP_GW_apm_ntlm_auth_config) result: admin@f5 (PC_IS): Fail (STATUS_NO_LOGON_SERVERS)

It looks like the problem is in the firewall (which is blocking ports 1024-65535). Of course I can open them, but is there any way to set up the F5 to communicate on some specific ports? I do not think that opening six thousand ports is very safe.

https://www.techrepublic.com/article/understand-windows-authentication-to-improve-security/

Could you please help me?

Thank you

3 Replies

  • Hello, you would need to open whatever ports are needed for NTLM, which appear to be the ones listed in that doc you linked to. You could use the Native RDP option instead, but of course this depends on your use case.

  • Hi,

     

    Native RDP is not very secure; because of that we are using communication via HTTPS. Is there any different type of authentication instead of NTLM when I want to use the F5 as an RDP GW?

     

    Thank you

    • Dave_W (Employee)

      Hello, as of right now the only option is NTLM (I believe this is an MS limitation at this time). That solution was developed before APM supported Native RDP, which is why I suggested Native RDP in version 13.1 and above. Even if you use Native RDP, the traffic will still go over the HTTPS connection to APM, or am I not understanding your concern here?

       

      Also if you look at the APM Operations Guide, Table 5.1, here is a comparison of the options:

       

      https://support.f5.com/csp/article/K08943176#table_01