How to Configure a Web Application Proxy for a Remote Desktop Gateway
Configuring a Web Application Proxy for a Remote Desktop Gateway boosts security and performance. Follow the detailed steps in this post. Alternatively, AnyViewer offers secure, user-friendly remote desktop access with built-in proxy support.
What is a Remote Desktop Gateway?
A Remote Desktop Gateway allows users to connect to remote computers on a corporate network from any external device. It uses the Remote Desktop Protocol (RDP) over HTTPS, creating a secure, encrypted connection between remote users and internal network resources.
The role of a Web Application Proxy
A Web Application Proxy (WAP) acts as an intermediary between external users and internal resources, providing an additional layer of security. Here's how it functions in the context of an RD Gateway:
- Authentication: WAP authenticates users before their connection requests reach the RD Gateway, ensuring only authorized users can access the network.
- SSL termination: It handles SSL termination, decrypting SSL/TLS traffic from the client and then re-encrypting it before forwarding it to the RD Gateway. This reduces the processing burden on the RD Gateway.
- Conditional access: WAP can enforce conditional access policies, such as requiring multi-factor authentication (MFA) or checking the health status of the device before allowing access.
- Publishing applications: WAP can publish other web applications alongside the RD Gateway, providing a unified access point for various services.
Benefits of using a Web Application Proxy with RD Gateway
Combining a Web Application Proxy (WAP) with a Remote Desktop Gateway (RDG) offers several advantages for organizations seeking to enhance security, streamline access, and improve user experience. Here are the key benefits of using WAP with RD Gateway:
Enhanced security
- Multi-layered authentication: Combining WAP with RD Gateway provides robust multi-factor authentication, significantly reducing the risk of unauthorized access.
- Pre-authentication: WAP pre-authenticates users, preventing unauthorized traffic from reaching the RD Gateway.
- SSL offloading: By offloading SSL encryption and decryption to the WAP, the RD Gateway can perform more efficiently, focusing on managing RDP sessions.
Improved performance
- Load balancing: WAP can distribute traffic across multiple RD Gateways, ensuring balanced loads and preventing any single gateway from becoming a bottleneck.
- Caching: WAP can cache static content, reducing the load on internal servers and improving response times for users.
Simplified access management
- Unified access point: WAP provides a single URL for accessing multiple services, simplifying user access and management.
- Conditional access policies: Enforcing conditional access through WAP ensures that only compliant devices and authenticated users can access sensitive resources.
Steps to configure a Web Application Proxy for a Remote Desktop Gateway
Follow these steps to publish the RD Gateway behind the Web Application Proxy:
Part 1. Add a Relying Party Trust to Active Directory Federation Services for Web Application Proxy
Step 1. On your AD FS server, navigate to Administrative Tools > AD FS Management > AD FS > Trust Relationships > Relying Party Trusts and select Add Relying Party Trust.
Step 2. Click Next.
Step 3. Select Enter data about the relying party trust manually, then click Next.
Step 4. Provide a name for the trust, then click Next.
Step 5. Select AD FS Profile, then click Next.
Step 6. Click Next.
Step 7. Click Next again.
Step 8. Add the URL to access Remote Desktop Web Access as an identifier, then click Next.
Step 9. Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time, then click Next.
Step 10. Select Permit all users to access this relying party, then click Next.
Step 11. Click Next.
Step 12. Uncheck Open the Edit Claim Rules dialog for this relying party trust when the wizard closes, then click Close.
Step 13. Verify that your relying party trust is listed and note its name.
Part 2. Configure Web Application Proxy to publish Remote Desktop Web Access
Step 1. Connect to your WAP server and open the Remote Access Management console.
Step 2. In the left pane, select Web Application Proxy, then in the right pane, click Publish to open the Publish New Application wizard.
Step 3. Click Next.
Step 4. For pre-authentication, select Active Directory Federation Services (AD FS), and click Next.
Step 5. Select the Relying Party Trust you created in AD FS and click Next.
Step 6. In the wizard, configure the following fields:
- Enter a name for this published application (for internal use only).
- Enter the external URL that users will use to access your RD Gateway/RD Web Access installations. Then, select the certificate used by your RD Gateway.
Step 7. Ensure that the back-end server URL matches the external URL. In the confirmation window, click Publish.
Step 8. In the Results window, click Close to complete the settings in the wizard.
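Step 9. Customize the settings for the published application using the following PowerShell commands on the WAP server. Replace rdg with the name you entered in Step 6.
- DisableHttpOnlyCookieProtection: removes the HttpOnly flag from the WAP access cookie so that the Remote Desktop client control in the browser can read it. The cookie then becomes readable by script running in the page, so apply this setting only to the RD Gateway application.
  Get-WebApplicationProxyApplication -Name rdg | Set-WebApplicationProxyApplication -DisableHttpOnlyCookieProtection
- InactiveTransactionsTimeoutSec: sets the inactive transaction timeout to 28800 seconds (8 hours).
  Get-WebApplicationProxyApplication -Name rdg | Set-WebApplicationProxyApplication -InactiveTransactionsTimeoutSec 28800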
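The Part 2 wizard steps can also be scripted and then checked. The following is an added example, not code from the original post or from Microsoft: it publishes the application from an elevated PowerShell session on the WAP server, applies the Step 9 settings, and reads the configuration back. The URL and the relying party trust name are placeholders to replace with your own values.

```powershell
# Added example. All values in this first block are placeholders (assumptions).
$appName     = 'rdg'                       # name from Step 6, reused by the Step 9 commands
$rpTrustName = 'RDWEB-TRUST-PLACEHOLDER'   # trust name noted in Part 1, Step 13
$url         = 'https://rd.example.com/'   # external URL; back-end URL must match (Step 7)
$hostName    = ([uri]$url).Host

# Select a currently valid certificate with a private key for the host name.
# Exact-name match only: for a wildcard certificate, set the thumbprint by hand.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.DnsNameList.Unicode -contains $hostName
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key for $hostName" }

# Steps 2-8: publish with AD FS pre-authentication.
Add-WebApplicationProxyApplication -Name $appName `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName $rpTrustName `
    -ExternalUrl $url `
    -BackendServerUrl $url `
    -ExternalCertificateThumbprint $cert.Thumbprint

# Step 9: the two settings from the page, applied in one call.
Get-WebApplicationProxyApplication -Name $appName |
    Set-WebApplicationProxyApplication -DisableHttpOnlyCookieProtection `
        -InactiveTransactionsTimeoutSec 28800

# Read the published application back and flag anything that drifted.
$app      = Get-WebApplicationProxyApplication -Name $appName
$problems = @()
if ($app.ExternalPreauthentication -ne 'ADFS')        { $problems += 'pre-authentication is not AD FS' }
if ($app.ADFSRelyingPartyName -ne $rpTrustName)       { $problems += 'unexpected relying party trust' }
if ($app.ExternalUrl -ne $app.BackendServerUrl)       { $problems += 'external and back-end URLs differ' }
if ($app.ExternalCertificateThumbprint -ne $cert.Thumbprint) { $problems += 'certificate thumbprint mismatch' }
if ($app.InactiveTransactionsTimeoutSec -ne 28800)    { $problems += 'timeout not applied' }

$app | Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication,
    ADFSRelyingPartyName, DisableHttpOnlyCookieProtection, InactiveTransactionsTimeoutSec
if ($problems) { throw ("Published application check failed: " + ($problems -join '; ')) }
```

Re-running the read-back portion after later changes confirms that pre-authentication is still set to AD FS and that HttpOnly protection is disabled only on this application.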
AnyViewer: Simplify remote desktop access with a built-in proxy
Using a proxy for remote desktop access over the internet enhances both the feasibility and security of your connection by circumventing firewalls and avoiding exposure to the public internet. This method simplifies, secures, and improves the efficiency of remote connections for businesses.
Instead of following complex technical steps, it's recommended to utilize software that integrates a built-in proxy for remote desktop access, such as AnyViewer. It facilitates seamless connections to computers over the Internet. Designed for IT professionals, it enables secure remote sessions using a robust proxy. This remote access software ensures the relay and protection of communications between network devices and external users, allowing for efficient management of devices outside the LAN environment.
Steps to set up and use a proxy with AnyViewer:
Step 1. Download and install AnyViewer
Install AnyViewer on both your local and remote computers. Then, log in to your AnyViewer Enterprise account on both machines.
Step 2. Configure proxy settings
On your local device, navigate to Settings > Network, and enter the required proxy settings. Enable the proxy by clicking on the corresponding option.
Step 3. Establish a remote connection
Locate the remote computer in the device list under the Device tab. Click on One-click control to initiate a remote desktop session over the internet.
The bottom line
Configuring a Web Application Proxy for a Remote Desktop Gateway enhances security, performance, and access management. By combining WAP with RD Gateway, organizations benefit from multi-layered authentication, pre-authentication, SSL offloading, load balancing, caching, and unified access points.
For simplified setup and enhanced security, consider using AnyViewer, a robust remote desktop software with built-in proxy support. It offers an efficient and user-friendly solution for remote connections, ensuring secure communication and easy management of devices outside the local network. AnyViewer makes it simple to establish secure remote desktop sessions over the internet.