Multiple input paths and traffic regulation

Home Forums Virtualization Terminal Services Multiple input paths and traffic regulation

Viewing 1 post (of 1 total)
  • Author

  • RicklesP

    We have a 2008R2 Remote Desktop server running as a VM, and just about to release access to a small user community (less than 30), but now management wants to open the floodgates to a larger user base. My issue is this: the original plan involves a specific path to reach the RD server, and users connecting thru that path have access to any resources in the domain and beyond, just as they would thru a local, interactive logon at a desktop client. Let’s call that Path A.

    Now we must allow for a new connection (Path B) into the same RD server, but their traffic beyond that server must be restricted (i.e no web browsing beyond our domain limits). The awkward bit is that the same interactive users could be some of the ones using the new path, as well as the old path, but not at the same time.

    So what we want is to block some user-initiated outbound traffic from the server if the user RDP session initiated via Path B, but not block anything if the user initiated via Path A. I thought I remembered reading that a user’s outbound traffic from the RD session always left the server by the NIC that the session came in on, but I can’t find that now. If it’s true, then setting up rules in our ASA should be straight-forward. Otherwise, we go back to the drawing board.

    Any comments?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: