Terminal Server Location on DMZ

By razz2 ·
Installing a Windows Server 2003 R2 Terminal Server for external
users and maybe some internal users down the road.

Plan 1 was to install it in a DMZ and change the tsweb and RDP ports
allowing those ports to the DMZ. Then allow the needed windows
ports for logon, GP, Anti-Virus etc between the trusted and the DMZ.

Plan 2: We are now toying with leaving the TS server in the trusted
and simply forwarding the custom ports to the box which is highly
locked down using GP.

I would prefer leaving it in the trusted and have each user VPN into
the watchguard firewall using a client and connect that way, or use a
vpn applience on the DMZ. The customer tested the TSweb & RDP
Client each over the VPN and over a port forward and was very
unhappy with VPN performance. He wants to port forward so, which
would you choose. 2 Ports (in a default the 443 and 3389 which I
would customize) to an extremely locked down box in the trusted or
those 2 to the DMZ/optional port and many more for networking
from the DMZ to the trusted?

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Answers

Share your knowledge
Back to Networks Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums