Solved: Terminal Server Agent for Sourcefire

Christopher Bell · ‎08-14-2017

There are some older posts about this but I didn't really want to chime in on something that was a year old. We use Terminal Servers on our network for remote employees who connect over a VPN. As it stands, I have one URL filtering rule created against the IP addresses of those Terminal Servers rather than using group membership. With the release of the Terminal Server agent, I'm considering deploying it to the terminal servers but last I checked (pre 6.x) the agent was going to require captive portal being configured. Having just went through some of the documentation, I don't see any references to using captive portal for the terminal server agent. I just wanted to confirm that the terminal server agent can be used along side passive authentication (LDAP / AD) and doesn't require a captive portal?

Any feedback on gotchas or issues so far?

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Oliver Kaiser · ‎08-15-2017

Terminal Server Agent is supported since 6.2.0. Captive portal is not required and passive authentication may be used. TSA assigns a source port range to every user and communicates its ip address + src port range for each user to FMC using REST so your sensor knows the correct user:ip:port mapping to apply identity based rules.

As for issues I am only aware of CSCve61048.

regards

Oliver

View solution in original post

Oliver Kaiser · ‎08-15-2017

Terminal Server Agent is supported since 6.2.0. Captive portal is not required and passive authentication may be used. TSA assigns a source port range to every user and communicates its ip address + src port range for each user to FMC using REST so your sensor knows the correct user:ip:port mapping to apply identity based rules.

As for issues I am only aware of CSCve61048.

regards

Oliver