Hi All,
I'm about to publish a RD server via a RD Gateway (both servers will be Windows 2008 R2).
My plan is to place the RDG server in the DMZ (we don't use ISA) and join the RDG server to the domain (we need to authenticate domain users). The RD server will be placed on the internal network and also joined to the domain.
The users will need to log on via a web page, so I plan to install the RD Web access role and the RDG role on the same server. The RDG server will have a public DNS name - remote.domain.com, with a public certificate (we do not want to use self-signed certificates).
Is it correctly understood that I can use the same public certificate for both server roles, when the roles are placed on the same server?
And I will need just one IP address for the RDG / RD web access server?
And I will need the following port openings in my firewall?
From internet to RDG server:
Port 80 + 443 (TCP)
From RDG to RD server on internal network:
Port 3389 (TCP).
Port 24158 (TCP). WMI traffic - I intend to "lock" this port on RDG and RD server.
From RDG to domain controller on internal network:
Port 88 (TCP).
Port 135 (TCP).
TCP (Port on which NTDS RPC service listens on AD) - I intend to use port 8600 and "lock" this port on the DC.
Port 389 (TCP + UDP).
Port 53 (UDP).
Are those all the ports I need?
Anything else I need to be aware of? Thanks!
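One way to check, from the RDG host, that the internal TCP rules listed above actually pass traffic once the firewall is in place. This is an added example, not part of the original post; the hostnames are placeholders, and it sticks to PowerShell 2.0 features so it runs on Windows 2008 R2.

```powershell
# Added example (not from the original post): probe each TCP port in the rule
# set from the RDG host. Replace the placeholder hostnames with your own.
$checks = @(
    @{ Server = 'rdserver.domain.local'; Port = 3389;  Purpose = 'RDP to RD Session Host' },
    @{ Server = 'rdserver.domain.local'; Port = 24158; Purpose = 'WMI fixed port (RDG -> RD server)' },
    @{ Server = 'dc01.domain.local';     Port = 88;    Purpose = 'Kerberos' },
    @{ Server = 'dc01.domain.local';     Port = 135;   Purpose = 'RPC endpoint mapper' },
    @{ Server = 'dc01.domain.local';     Port = 8600;  Purpose = 'NTDS RPC fixed port' },
    @{ Server = 'dc01.domain.local';     Port = 389;   Purpose = 'LDAP' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect plus a wait handle gives a real timeout; a plain Connect()
        # can hang for ~20 s per port when a firewall silently drops the SYN.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the port actively refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($c in $checks) {
    $ok = Test-TcpPort -ComputerName $c.Server -Port $c.Port
    $state = if ($ok) { 'OPEN' } else { 'BLOCKED/CLOSED' }
    '{0,-15} {1,-24}:{2,-6} {3}' -f $state, $c.Server, $c.Port, $c.Purpose
}

# UDP 53 and UDP 389 cannot be probed with a TCP connect; confirm those with
# nslookup against the DC and by looking for the allow entry in the firewall log.
```

A port that shows BLOCKED/CLOSED from the RDG but is listening on the target is the quickest sign that a rule is missing or that the "locked" WMI/NTDS port was not applied on that host.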