The purpose of an RD Gateway
A Remote Desktop Gateway acts as the gateway through which external RDP connections pass to reach the Remote Desktop server. Using an RD Gateway secures the actual Remote Desktop server and limits the potential attacks and exploits aimed at it. With Remote Desktop Gateway installed, you can give your clients the address or DNS name of the gateway server. You can create groupings of servers and allow only certain Windows users or groups access to particular servers.
How to install the RD Gateway service on a Windows 2008 R2 Server
- Install the Remote Desktop Gateway role service via Server Manager. You will need to install the Remote Desktop Services role first.
- Once the Remote Desktop Gateway role service is installed, run Remote Desktop Gateway Manager.
- Go into the Policies section and create the Connection Authorization Policy. This is where you set up who’s allowed to log into the RD Gateway.
- Go into the Policies section and create the Resource Authorization Policy. This is where you set up what resources can be accessed via RD Gateway and by whom. NOTE: The names and IP addresses that you enter here are matched against what the client types in as the computer name in the RD Client. For example, if you put the server name in the Resource Authorization Policy as MYSERVER, and the RD Client is trying to connect to MYSERVER.domain.local, the RD Client will be refused connection DESPITE the two names resolving to the same IP address. You can’t even specify a valid IP address unless it is listed as an allowed resource.
- Right-click on the RD Gateway server name and select Properties. A window will come up where you can fine-tune the properties. You can use the default settings. However, you need to go into the SSL Certificate tab and install a certificate.
- Enable/Forward TCP Port 443 (SSL port) on your firewall to the RD Gateway server.
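
A pre-check for the Resource Authorization Policy naming caveat above, as an added example that is not part of the original article: for each server it lists the name forms (short name, FQDN, IP address) that a user could type but the policy does not list. The server names, DNS suffix, IP addresses and function names are hypothetical, and case-insensitive literal matching is an assumption.

```python
# Added example (not from the original article): RAP name-coverage pre-check.
# Assumption: names are compared as literal strings, case-insensitively;
# no DNS resolution is done, which is the behaviour the note above describes.

def normalise(name):
    return name.strip().lower()

def name_forms(short_name, dns_suffix, ip):
    """Every form a user might type as the computer name in the RD client."""
    return [short_name, f"{short_name}.{dns_suffix}", ip]

def refused_names(rap_allowed, typed_names):
    """Names from typed_names that are not listed in the RAP, in input order."""
    allowed = {normalise(n) for n in rap_allowed}
    return [n for n in typed_names if normalise(n) not in allowed]

def missing_rap_entries(rap_allowed, servers):
    """Map each server's short name to the name forms the RAP does not list."""
    report = {}
    for short_name, dns_suffix, ip in servers:
        missing = refused_names(rap_allowed, name_forms(short_name, dns_suffix, ip))
        if missing:
            report[short_name] = missing
    return report

# Constructed sample data: hypothetical RAP entries and server inventory.
RAP_ALLOWED = ["MYSERVER", "FILES01.domain.local", "192.0.2.20"]
SERVERS = [
    ("MYSERVER", "domain.local", "192.0.2.10"),
    ("FILES01", "domain.local", "192.0.2.20"),
]

if __name__ == "__main__":
    for server, missing in missing_rap_entries(RAP_ALLOWED, SERVERS).items():
        print(f"{server}: add to the RAP or users typing these are refused: {missing}")
```

Run it against the names actually entered in the policy before handing the gateway address to users; an empty report means every listed form of every server is covered.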