Microsoft Remote desktop service server with captive portal on PA200.

Reply
L3 Networker

Microsoft Remote desktop service server with captive portal on PA200.

Hi

PA200 PANOS-7.03

Working Production Config:

I have captive portal working with local users. User are in 4 groups (1 to 4) . There are 4 url profiles(1 to 4) associated with 4 local user groups. When user tries to go to any site via browser he get prompted for username/pass. Once authenticated user can browse as per 4 secrutiy policies for brwosing with url profile implemented.

user mapping shows user name and there ip.

 show user ip-user-mapping all

IP              Vsys   From    User                             IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
172.29.15.92    vsys1  CP      abc1                           28332          28332        
172.29.5.24     vsys1  CP      abc2                             33428          33428        
172.29.15.59    vsys1  CP      abc3                              31339          31339        
172.29.5.39     vsys1  CP      abc4                            31447          31447

 

Change Required:

Configure Microsoft Remote Desktop Service(RDS) server so all the user connect to this RDS server and this server goes out on internet to get data.

But now there is only 1 IP which is server IP going out. So how would captive portal,url filtering will behave/work.

 

L7 Applicator

Re: Microsoft Remote desktop service server with captive portal on PA200.

You need to download Terminal Server Agent from support portal and install it on terminal server.

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Install-and-Configure-Terminal-Se...

 

In this case every user will get dedicated source port range and by that firewall can identify who is user who initiated traffic out from the server.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE (3.0, 5.0, 6.0, 7.0), PCNSE (6, 7), PCNSI
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!