Networks

Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!

Question

Locked

Terminal Server Location on DMZ

By razz2 ·
Installing a Windows Server 2003 R2 Terminal Server for external
users and maybe some internal users down the road.

Plan 1 was to install it in a DMZ and change the tsweb and RDP ports
allowing those ports to the DMZ. Then allow the needed windows
ports for logon, GP, Anti-Virus etc between the trusted and the DMZ.

Plan 2: We are now toying with leaving the TS server in the trusted
and simply forwarding the custom ports to the box which is highly
locked down using GP.

I would prefer leaving it in the trusted and have each user VPN into
the watchguard firewall using a client and connect that way, or use a
vpn applience on the DMZ. The customer tested the TSweb & RDP
Client each over the VPN and over a port forward and was very
unhappy with VPN performance. He wants to port forward so, which
would you choose. 2 Ports (in a default the 443 and 3389 which I
would customize) to an extremely locked down box in the trusted or
those 2 to the DMZ/optional port and many more for networking
from the DMZ to the trusted?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Share your knowledge

Related Discussions

Related Forums