Use the Barracuda TS Agent to authenticate users on a Microsoft Terminal Server. The TS Agent is installed as a service on the Microsoft Terminal Server. Each user is assigned a dedicated port range that is transmitted over an SSL encrypted connection to the Barracuda NG Firewall. This information enables the Barracuda NG Firewall to identify individual users even though the traffic is coming from the same source IP address. The TS Agent detects both login and logout events. Citrix Desktop deployments on Windows Terminal Servers are also supported. You can use SSL client certificates to authenticate the remote TS Agent on the Terminal Server, or if no SSL certificates are configured, allow all incoming SSL connections.
Before You Begin
- Install the Barracuda TS Agent on the Microsoft Terminal Server(s). For instructions, see How to Set Up the Barracuda Terminal Server Agent.
- (Optional) Create SSL client certificates.
- Verify that the Host Firewall rule BOX-AUTH-TSAGENT-SYNC-IN (TCP Port 5050) is present in the Host Firewall Inbound rulelist (Config > Full Config > Infrastructure Services > Host Firewall Rules). You can find the default Host Firewall rules, here: Default Host Firewall Rules .
Configure TS Agent Authentication
On the Barracuda NG Firewall, enable and configure connections with the Barracuda TS Agent.
- Open the Authentication Service page (Config > Full Config > Infrastructure Services > Authentication Service).
- In the left pane, click TS Agent Authentication.
- Click Lock.
- Set Activate Scheme to Yes.
- Enter Auto Logout After [d] to automatically log out users after a certain number of days.
- (Optional)In the TS Agent Certificates section, click +. The TS Agent Certificates window opens.
- Enter the Subject Alternative Name of the SSL client certificate.
Upload the SSL client certificate.
- (optional) Set Strip Domain Name to Yes. E.g., MYDOMAIN\myuser will become myuser.
- In the TS Agent IP Addresses section, add the IP addresses for the Microsoft Terminal Server the TS Agent is running on.
- Click Send Changes and Activate.