Use the Barracuda TS Agent to authenticate users on a Microsoft Terminal Server. The TS Agent is installed as a service on the Microsoft Terminal Server. Each user is assigned a dedicated port range that is transmitted over an SSL-encrypted connection to the Barracuda NextGen Firewall F-Series. This information enables the F-Series to identify individual users even though the traffic is coming from the same source IP address. The TS Agent detects both login and logout events. Users are automatically logged out from the firewall when the Terminal Server is shut down. Citrix Desktop deployments on Windows Terminal Servers are also supported. You can use SSL client certificates to authenticate the remote TS Agent on the Terminal Server, or, if no SSL certificates are configured, allow all incoming SSL connections.
Before You Begin
- Install the Barracuda TS Agent on the Microsoft Terminal Server(s). For instructions, see How to Set Up the Barracuda Terminal Server Agent.
- (Optional) Create SSL client certificates.
- Verify that the Host Firewall rule BOX-AUTH-TSAGENT-SYNC-IN (TCP Port 5050) is present in the Host Firewall Inbound rulelist (CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Host Firewall Rules). You can find the default Host Firewall rules, here: Default Host Firewall Rules.
Configure TS Agent Authentication
On the Barracuda NextGen Firewall F-Series, enable and configure connections with the Barracuda TS Agent.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left menu, select TS Agent Authentication.
- Click Lock.
- Set Activate Scheme to Yes.
- Enter Auto Logout After [d] to automatically log out users after a certain number of days.
- (optional) In the TS Agent Certificates section, click +. The TS Agent Certificates window opens.
- Enter the Subject Alternative Name of the SSL client certificate.
Upload the SSL client certificate and click OK.
- (optional) Set Strip Domain Name to Yes. E.g., MYDOMAIN\myuser will become myuser.
- In the TS Agent IP Addresses section, add the IP addresses for the Microsoft Terminal Server the TS Agent is running on.
- Click Send Changes and Activate.