22-Nov-2021 09:58
I have been using the F5 to LB between 2 Microsoft RDS Gateways and works fine for both desktops and published apps.
I now need to use an iRule to block web page access on the RDS gateway for some network addresses and destination uri.
This works fine and only the expected networks can load the web login page supplied by the gateways, but when I select one of the published apps I see the F5 trying to connect directly to the server in the farm on port 3389. Prior to using iRules the 3389 connection was initiated by the RDS gateway as expected.
Any help greatly appreciated.
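An illustration of the kind of iRule described above (an added example, not the poster's own rule): it restricts the browser-facing RD Web Access pages to client networks listed in an address-type data group, assumed here to be named rds_allowed_nets, and leaves the gateway transport paths untouched.

```tcl
# Example iRule (added illustration, not the poster's own rule).
# Assumption: an address-type data group "rds_allowed_nets" lists the client
# networks that may reach the RD Web Access login page.
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]

    # Only police the browser-facing RD Web Access path. The RD Gateway
    # transport paths (/remoteDesktopGateway/ and /rpc/) carry the RDP
    # session itself and must pass through untouched or published apps
    # will stop launching.
    if { [string match "/rdweb*" $uri] } {
        if { not [class match [IP::client_addr] equals rds_allowed_nets] } {
            # Log the rejection so blocked sources are visible in /var/log/ltm
            log local0. "Blocked RDWeb request from [IP::client_addr] to $uri"
            HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
            return
        }
    }
}
```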
27-Nov-2021 06:47
You are using the F5 with only LTM for this?
And if you remove the iRule, does the behaviour return to what it was before?
Can you share the iRule, modified if needed so as not to reveal internal information?
27-Nov-2021 07:30
Thanks for your reply.
Yes, LTM.
It's not the iRule causing the issue, but we need to use an iRule to inspect the URI. To do this we need to decrypt traffic and then re-encrypt it to the RDS gateway. During this process the F5 is seeing the RDP connection within the SSL encapsulation and using that information to connect. Can it be modified to not share internal information?
28-Nov-2021 04:58
OK, so with SSL decrypt/encrypt enabled it behaves differently than with SSL decrypt/encrypt disabled?
What type of virtual server do you use? Which other profiles are you using?
28-Nov-2021 09:13
I used the iApp for Microsoft RDS gateways. This built the virtual host and profiles. In the reconfigure you have the option to bridge SSL, decrypt and re-encrypt, or decrypt and forward HTTP. We do not allow HTTP on our network so we need to decrypt and re-encrypt. I will forward the profile settings if required. Can we add to the iRule to prevent the UDP connection attempt by the F5? Thanks for your help here.
28-Nov-2021 09:16
I followed this advice:
https://www.f5.com/pdf/deployment-guides/microsoft-remote-desktop-gateway-dg.pdf
04-Dec-2021 08:52
04-Dec-2021 11:22
I'm not an RDP expert, but I don't expect the F5 to actually turn TCP into UDP, if that is what you are seeing. You might see a lost UDP monitor or something like that, or the actual RDP client sending UDP which is then sent further.