The TS Agent assigns each user on a Microsoft Terminal Server a port range and distributes the user/port information to a configurable list of CloudGen and X-Series Firewalls. Install and configure the Barracuda TS Agent on your Microsoft Terminal Servers, and Citrix Desktop running on Microsoft Terminal Servers. Then configure your CloudGen Firewall to get user information from the Barracuda TS Agent.
By default, connections with the Barracuda TS Agent are SSL encrypted. To authenticate the remote TS Agent on the terminal server, use SSL client certificates. If no SSL certificates are configured, all incoming SSL connections are accepted.
Supported Systems / System Requirements
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
Active Directory server (can be installed on the same machine or a different one)
Step 1. Download the Barracuda TS Agent
Download the Barracuda TS Agent from your Barracuda Cloud Control Account.
Log into the Barracuda Download Portal.
In the search bar, enter "Barracuda Terminal Server Agent" and then click Search.
Download the latest Barracuda TS Agent version that is compatible with your system.
Step 2. Install the Barracuda TS Agent
Install and configure the Barracuda TS Agent on your Microsoft Terminal Server. Specify the IP addresses of the firewalls that the TS Agent must communicate with.
Start the setup.exe file (or the Terminal Server Agent.msi package if you need an MSI installation package).
Complete the installation wizard.
After the setup finishes, reboot your server.
Launch TS Agent Monitor from the Windows start menu. The configuration interface of the Terminal Server Agent opens.
In the List of Barracuda Unit(s) IPs section, click the folder icon and enter the management IP addresses of the firewalls that the Barracuda TS Agent must communicate with.
If required, change the default configuration settings. For more information on these settings, see the Configuration Options listed below.
Click OK or Apply.
After the TS Agent is installed, restart the server. You must restart the server to get the full functionality of the TS Agent and its security features.
Step 3. Configure Barracuda TS Agent Authentication
To use the TS Agent for authentication, configure the settings on your firewall. For instructions, see How to Configure TS Agent Authentication.
Configuration Options
In the TS Agent interface, you can change the settings under the Configuration tab for your specific requirements. If your changes require a system restart, you are notified by a warning message in the interface. Any unsaved changes are highlighted in bold text.
Configuration Section | Description |
---|---|
List of Barracuda Unit(s) IPs | The management IP addresses of the firewalls that must receive user information from the Barracuda TS Agent. If the agent cannot establish a connection, it retries until it is successful. If you configured a non-default port, you can add it using the |
Identity | The certificate and private key for communicating with the firewalls. With this certificate, firewalls can verify the identify of the Barracuda TS Agent. |
Port Assignment | The ports that are assigned to users and how to handle connections when ports are not available. You can configure these settings:
|
User Port Range | The port range from which users are assigned their own ranges, excluding any reserved reserved ports. The number of these ranges is the number of users possible on the server. The range must have at least 100 ports, be large enough to hold at least 5 users, and not overlap with the system port range. If you set Prefer to Connectivity, ensure that the user port range does not overlap with the port range displayed in the Windows Default Port Range(s) section. |
System Port Range | The port range for the Microsoft Windows built-in 'System' user. The range must be at least 100 ports and not overlap with the user port range. If you set Prefer to Connectivity, ensure that the system port range does not overlap with the port range displayed in the Windows Default Port Range(s) section. |
Windows Default Port Range(s) | (Read-only) Displays the ephemeral port ranges that are normally used by Windows if the Barracuda TS Agent does not change them. If you set Prefer to Connectivity , ensure that other port ranges do not overlap with the Windows default port range because the Barracuda TS Agent lets the OS assign a port number from the Windows default port range when there are no user or system ports available. |
Advanced | This section offers the option to configure MSAD Domain Controller credentials.
|
View Debug Log Files
Debug log files written by the Barracuda TS Agent are displayed under the Debug Log tab. For more information on the log messages, see Barracuda Terminal Server Agent Debug Log Messages.
Uninstalling the Barracuda TS Agent
To uninstall the Barracuda TS Agent using the InstallShield wizard:
Start the setup.exe file.
In the InstallShield wizard, click Next, and select Remove on the Program Mainenance page.
Complete the wizard to uninstall the Barracuda TS Agent.
To uninstall the Barracuda TS Agent from the Windows Control Panel:
Go to Programs and Features.
In the Uninstall or change a program list, right-click Terminal Server Agent and select Uninstall.
Complete the wizard to uninstall the Barracuda TS Agent.