To enable your users to authenticate to your Firebox or XTM device over a Terminal Server or Citrix server, you must configure the authentication settings for terminal services. When you configure these settings, you set the maximum length of time a session can be active and specify the IP address of your Terminal Server or Citrix server. You can specify a maximum of 32 Terminal Services Agents in a Firebox or XTM device configuration.
If your device runs Fireware XTM v11.0–v11.3.x, terminal services is not available and the configuration settings do not appear in Policy Manager.
When you configure the Terminal Services settings, if your users authenticate to your Firebox or XTM device, the device reports the actual IP address of each user who logs in. This enables your device to correctly identify each user who logs in to your network, so the correct security policies can be applied to each user's traffic.
You can use any of your configured authentication server methods (for example, Firebox authentication, Active Directory, or RADIUS) with terminal services. To use single sign-on with terminal services, you must use an Active Directory server.
The single sign-on option for the Terminal Services Agent does not use any of the WatchGuard Single Sign-On solution components (SSO Agent, SSO Client, Event Log Monitor, Exchange Monitor). You do not have to install any of the WatchGuard Single Sign-On components to use the single sign-on option for the Terminal Services Agent.
To configure Authentication Settings for terminal services:
About User Authentication
Set Global Firewall Authentication Values
Enable Single Sign-On (SSO)