To enable your users to authenticate to your Firebox over a Terminal Server or Citrix server, you must configure the authentication settings for terminal services. When you configure these settings, you set the maximum length of time a session can be active and specify the IP address of your Terminal Server or Citrix server.
You can specify a maximum of 512 Terminal Services Agents in a Firebox configuration. If you specify more than 512 agents, Fireware only recognizes the first 512 agents.
In Fireware v12.7.1 and lower, you can only specify a maximum of 128 Terminal Services Agents.
When you configure the Terminal Services settings, if your users authenticate to your Firebox, the device reports the actual IP address of each user who logs in. This enables your device to correctly identify each user who logs in to your network, so the correct security policies can be applied to each user's traffic.
You can use any of your configured authentication server methods (for example, Firebox authentication, Active Directory, or RADIUS) with terminal services. To use single sign-on with terminal services, you must use an Active Directory server.
The single sign-on option for the Terminal Services Agent does not use any of the WatchGuard Single Sign-On solution components (SSO Agent, SSO Client, Event Log Monitor, Exchange Monitor). You do not have to install any of the WatchGuard Single Sign-On components to use the single sign-on option for the Terminal Services Agent.
In Fireware v11.11 2 and higher, the Backend-Service user account is automatically added to the Users and Groups list when you enable Terminal Services on the Firebox. This user account is used by the Terminal Services agent. For more information, go to Install and Configure the Terminal Services Agent.
- Select Authentication > Terminal Services.
The Terminal Services page appears. - Select the Enable Terminal Services Support check box.
The terminal services settings are enabled.
- In the Session Timeout text box, type the maximum length of time in seconds that the user can be idle before the session times out.
- To add a Terminal Server or Citrix server to the Agent IP list list, in the text box, type the IP address of the server and click Add.
You can add a maximum of 512 Terminal Servers or Citrix servers to the list.
The IP address appears in the Terminal Services Agent IPs list. - To remove a server IP address from the Agent IP list list, select an IP address in the list and click Remove.
- Click Save.
- Open Policy Manager.
- Select Setup > Authentication > Authentication Settings.
The Authentication Settings dialog box appears with the Firewall Authentication tab selected by default. - Select the Terminal Services tab.
- Select the Enable Terminal Services Support check box.
The terminal services settings are enabled.
- In the Session Timeout text box, type or select the maximum length of time in seconds that the user can be idle before the session times out.
- To add a Terminal Server or Citrix server to the Terminal Services Agent IPs List list, in the text box, type the IP address of the server and click Add.
You can add a maximum of 512 Terminal Servers or Citrix servers to the list.
The IP address appears in the Terminal Services Agent IPs list. - To remove a server IP address from the Terminal Services Agent IPs List list, select an IP address in the list and click Remove.
- Click OK.