It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure TS Agent Authentication

  • Last updated on

The Barracuda TS Agent is the connector between various Barracuda Networks products and Microsoft Terminal Servers to transparently monitor user authentication. Because the source IP address for all users on the terminal server is the same, the Barracuda TS Agent assigns each user a specific port range and sends this mapping information to the firewall. The firewall can now check the source port of a TCP or UDP packet from the Terminal Server and, with the port-user information from the TS Agent, determine the username and group context. Connections with the Barracuda TS Agent are SSL encrypted. Mapping information for users is sent only after connections are established. The Barracuda TS Agent also writes a debug log that helps you monitor your Terminal Server and identify possible problems. You can use SSL client certificates to authenticate the remote TS Agent on the Terminal Server. If no SSL certificates are configured, all incoming SSL connections from the server are allowed. TS Agent authentication with automatic port mapping does NOT work for SMB sessions on TCP port 445 and 139. Depending on the firewall size, you may have to balance Terminal Server Agents (250 or more) to multiple firewalls.

ts_agent_auth.gif

Before You Begin

 

  • Install the Barracuda TS Agent on the Microsoft Terminal Server(s). For instructions, see How to Set Up the Barracuda Terminal Server Agent.
  • (Optional) Create SSL client certificates.
  • Verify that the Host Firewall rule BOX-AUTH-TSAGENT-SYNC-IN (TCP Port 5050) is present in the Host Firewall Inbound rule list (CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Host Firewall Rules). You can find the default Host Firewall rules here: Default Host Firewall Rules.

Configure TS Agent Authentication

On the Barracuda CloudGen Firewall, enable and configure connections with the Barracuda TS Agent.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
  2. In the left menu, select TS Agent Authentication.
  3. Click Lock.
  4. Set Activate Scheme to Yes.
  5. Enter Auto Logout After [d] to automatically log out users after a certain number of days.
  6. (optional) In the TS Agent Certificates section, click +. The TS Agent Certificates window opens.
    1. Enter the Subject Alternative Name of the SSL client certificate.
    2. Upload the SSL client certificate and click OK.

  7. (optional) Set Strip Domain Name to Yes. E.g., MYDOMAIN\myuser will become myuser.
  8. In the TS Agent IP Addresses section, add the IP addresses for the Microsoft Terminal Server the TS Agent is running on.
  9. Click Send Changes and Activate.