How to Configure a Web Application Proxy for a Remote Desktop Gateway

Configuring a Web Application Proxy for a Remote Desktop Gateway boosts security and performance. Follow the detailed steps in this post. As an alternative, AnyViewer offers secure, user-friendly remote desktop access with built-in proxy support.

By Ellie / Updated on July 5, 2024

What is a Remote Desktop Gateway?

A Remote Desktop Gateway allows users to connect to remote computers on a corporate network from any external device. It uses the Remote Desktop Protocol (RDP) over HTTPS, creating a secure, encrypted connection between remote users and internal network resources.

The role of a Web Application Proxy

A Web Application Proxy (WAP) acts as an intermediary between external users and internal resources, providing an additional layer of security. Here's how it functions in the context of an RD Gateway:

  • Authentication: WAP authenticates users before their connection requests reach the RD Gateway, ensuring only authorized users can access the network.
  • SSL termination: It handles SSL termination, decrypting SSL/TLS traffic from the client and then re-encrypting it before forwarding it to the RD Gateway. This reduces the processing burden on the RD Gateway.
  • Conditional access: WAP can enforce conditional access policies, such as requiring multi-factor authentication (MFA) or checking the health status of the device before allowing access.
  • Publishing applications: WAP can publish other web applications alongside the RD Gateway, providing a unified access point for various services.

Benefits of using a Web Application Proxy with RD Gateway

Combining a Web Application Proxy (WAP) with a Remote Desktop Gateway (RDG) offers several advantages for organizations seeking to enhance security, streamline access, and improve user experience. Here are the key benefits of using WAP with RD Gateway:

Enhanced security

  • Multi-layered authentication: Combining WAP with RD Gateway provides robust multi-factor authentication, significantly reducing the risk of unauthorized access.
  • Pre-authentication: WAP pre-authenticates users, preventing unauthorized traffic from reaching the RD Gateway.
  • SSL offloading: By offloading SSL encryption and decryption to the WAP, the RD Gateway can perform more efficiently, focusing on managing RDP sessions.

Improved performance

  • Load balancing: WAP can distribute traffic across multiple RD Gateways, ensuring balanced loads and preventing any single gateway from becoming a bottleneck.
  • Caching: WAP can cache static content, reducing the load on internal servers and improving response times for users.

Simplified access management

  • Unified access point: WAP provides a single URL for accessing multiple services, simplifying user access and management.
  • Conditional access policies: Enforcing conditional access through WAP ensures that only compliant devices and authenticated users can access sensitive resources.

Steps to configure a Web Application Proxy for a Remote Desktop Gateway

Follow these steps to publish the RD Gateway behind the Web Application Proxy:

Part 1. Add a Relying Party Trust to Active Directory Federation Services for Web Application Proxy

Step 1. On your ADFS Server, navigate to Administrative Tools > AD FS Management > AD FS > Trust Relationships > Relying Party Trusts and select Add Relying Party Trust.

Step 2. Click Next.

Step 3. Select Enter data about the relying party trust manually, then click Next.

Step 4. Provide a name for the trust, then click Next.

Step 5. Select AD FS Profile, then click Next.

Step 6. Click Next.

Step 7. Click Next again.

Step 8. Add the URL to access Remote Desktop Web Access as an identifier, then click Next.

Step 9. Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time, then click Next.

Step 10. Select Permit all users to access this relying party, then click Next.

Step 11. Click Next.

Step 12. Uncheck Open the Edit Claim Rules dialog for this relying party trust when the wizard closes, then click Close.

Step 13. Verify that your relying party trust is listed and note its name.
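The wizard steps in Part 1 can also be scripted with the AD FS PowerShell module. The following is an added example, not part of the original article; the trust name and URL are hypothetical placeholders, and the authorization rule is the claim rule that corresponds to the "Permit all users" choice in Step 10.

```powershell
# Added example: run on the AD FS server in an elevated PowerShell session.
Import-Module ADFS

# Assumed placeholder values; replace with your own.
$TrustName  = 'RDG Relying Party'          # Step 4: display name (hypothetical)
$Identifier = 'https://rdg.example.com/'   # Step 8: RD Web Access URL (hypothetical)

# Step 10 equivalent: the "Permit all users" issuance authorization rule.
$PermitAll = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Create the trust only if it does not exist yet, so the script is safe to re-run.
if (-not (Get-AdfsRelyingPartyTrust -Name $TrustName)) {
    Add-AdfsRelyingPartyTrust -Name $TrustName -Identifier $Identifier `
        -IssuanceAuthorizationRules $PermitAll
}

# Step 13 equivalent: confirm the trust is listed and review what was created.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' was not created." }

[pscustomobject]@{
    Name               = $trust.Name
    Enabled            = $trust.Enabled
    IdentifierMatches  = $trust.Identifier -contains $Identifier
    PermitsAllUsers    = [bool]($trust.IssuanceAuthorizationRules -match 'AllowAllAuthzRule')
    MfaRulesConfigured = -not [string]::IsNullOrWhiteSpace($trust.AdditionalAuthenticationRules)
}
```

With the choices made in Steps 9 and 10, the summary reports PermitsAllUsers as True and MfaRulesConfigured as False, which is the state to revisit if you later enforce MFA or restrict access for this trust.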

Part 2. Configure Web Application Proxy to publish Remote Desktop Web Access

Step 1. Connect to your WAP server and open the Remote Access Management console.

Step 2. In the left pane, select Web Application Proxy, then in the right pane, click Publish to open the Publish New Application wizard.

Step 3. Click Next.

Step 4. For pre-authentication, select Active Directory Federation Services (AD FS), and click Next.

Step 5. Select the Relying Party Trust you created in AD FS and click Next.

Step 6. In the wizard, configure the following fields:

  • Enter a name for this published application (for internal use only).
  • Enter the external URL that users will use to access your RD Gateway/RD Web Access installations. Then, select the certificate used by your RD Gateway.

Step 7. Ensure that the back-end server URL matches the external URL. In the confirmation window, click Publish.

Step 8. In the Results window, click Close to complete the settings in the wizard.

Step 9. Customize the settings for the published web proxy using the following PowerShell commands:

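  • Setting: DisableHttpOnlyCookieProtection
    Command: Get-WebApplicationProxyApplication -Name rdg | Set-WebApplicationProxyApplication -DisableHttpOnlyCookieProtection:$true
  • Setting: InactiveTransactionsTimeoutSec
    Command: Get-WebApplicationProxyApplication -Name rdg | Set-WebApplicationProxyApplication -InactiveTransactionsTimeoutSec 28800

In these commands, rdg is the name of the published application entered in Step 6. DisableHttpOnlyCookieProtection is a Boolean parameter, so the value $true must be supplied. Disabling HttpOnly protection makes the WAP access cookie readable by client-side script, so apply it only to this published application. The timeout value of 28800 seconds is 8 hours.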
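After publishing, the result of Part 2 can be checked from PowerShell instead of re-reading the wizard pages. The following is an added example, not part of the original article; the relying party name is a hypothetical placeholder, and the 30-day certificate expiry threshold is an assumption.

```powershell
# Added example: run on the WAP server in an elevated PowerShell session.
$AppName    = 'rdg'                 # application name used in the Step 9 commands
$ExpectedRp = 'RDG Relying Party'   # hypothetical trust name noted in Part 1, Step 13

$app = Get-WebApplicationProxyApplication -Name $AppName
if (-not $app) { throw "No published application named '$AppName' was found." }

$findings = @()

# Step 4: pre-authentication must be AD FS, not pass-through.
if ("$($app.ExternalPreauthentication)" -ne 'ADFS') {
    $findings += "Pre-authentication is $($app.ExternalPreauthentication), expected ADFS."
}
# Step 5: the application must be bound to the trust created in Part 1.
if ($app.ADFSRelyingPartyName -ne $ExpectedRp) {
    $findings += "Relying party is '$($app.ADFSRelyingPartyName)', expected '$ExpectedRp'."
}
# Step 6: the external URL must be HTTPS.
if ($app.ExternalUrl -notlike 'https://*') {
    $findings += "External URL '$($app.ExternalUrl)' is not HTTPS."
}
# Step 7: the back-end server URL must match the external URL.
if ($app.BackendServerUrl -ne $app.ExternalUrl) {
    $findings += "Back-end URL '$($app.BackendServerUrl)' differs from the external URL."
}
# Step 6: the selected certificate must be installed and not close to expiry.
$cert = Get-Item "Cert:\LocalMachine\My\$($app.ExternalCertificateThumbprint)" -ErrorAction SilentlyContinue
if (-not $cert) {
    $findings += 'External certificate is not in the LocalMachine\My store.'
} elseif ($cert.NotAfter -lt (Get-Date).AddDays(30)) {   # 30 days: assumed threshold
    $findings += "External certificate expires on $($cert.NotAfter)."
}
# Step 9: the two settings applied after publishing.
if (-not $app.DisableHttpOnlyCookieProtection) {
    $findings += 'DisableHttpOnlyCookieProtection is not set.'
}
if ($app.InactiveTransactionsTimeoutSec -ne 28800) {
    $findings += "InactiveTransactionsTimeoutSec is $($app.InactiveTransactionsTimeoutSec), expected 28800."
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Published application '$AppName' matches the configuration in this guide." }
```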

AnyViewer: Simplify remote desktop access with a built-in proxy

Using a proxy for remote desktop access over the internet enhances both the feasibility and security of your connection by circumventing firewalls and avoiding exposure to the public internet. This method simplifies, secures, and improves the efficiency of remote connections for businesses.

Instead of following complex technical steps, it's recommended to utilize software that integrates a built-in proxy for remote desktop access, such as AnyViewer. It facilitates seamless connections to computers over the Internet. Designed for IT professionals, it enables secure remote sessions using a robust proxy. This remote access software ensures the relay and protection of communications between network devices and external users, allowing for efficient management of devices outside the LAN environment.

Steps to set up and use a proxy with AnyViewer:

Step 1. Download and install AnyViewer

Install AnyViewer on both your local and remote computers. Then, log in to your AnyViewer Enterprise account on both machines.

Step 2. Configure proxy settings

On your local device, navigate to Settings > Network, and enter the required proxy settings. Enable the proxy by clicking on the corresponding option.

Step 3. Establish a remote connection

Locate the remote computer in the device list under the Device tab. Click on One-click control to initiate a remote desktop session over the internet.

The bottom line

Configuring a Web Application Proxy for a Remote Desktop Gateway enhances security, performance, and access management. By combining WAP with RD Gateway, organizations benefit from multi-layered authentication, pre-authentication, SSL offloading, load balancing, caching, and unified access points.

For simplified setup and enhanced security, consider using AnyViewer, a robust remote desktop software with built-in proxy support. It offers an efficient and user-friendly solution for remote connections, ensuring secure communication and easy management of devices outside the local network. AnyViewer makes it simple to establish secure remote desktop sessions over the internet.