Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1264
Views
0
Helpful
3
Replies

WSA S160 Support for Terminal Servers (How are terminal server connections handled?)

dfiling
Level 1
Level 1

‎04-04-2011 07:26 AM

We have a terminal server environment with a mixture of computers and laptops. Currently we have multiple proxy servers and would like to considate down to one. Our current solution does not work well in a terminal server environment. We are looking for a way to integrate all equipment with one soluton and I was curious as to how the S160 handled users connecting via a terminal server.

Labels:
0 Helpful
3 Replies 3

edadios
Cisco Employee
Cisco Employee

‎04-04-2011 07:27 PM

Hello,

The WSA will work with HTTP, HTTPS and FTP on port configured.

It will not do anything with other application or port, not configured for HTTP, HTTPS or FTP, or otherwise using the ports, but using non standard protocol, not matching HTTP, HTTPS or FTP protocol implementation.

If the query is about a user connecting to a remote controlled pc (via terminal service), and using http, https or FTP, then  the identity and policy that will be used, is whatever applies to the credential, and policy that applies to the remotely controlled pc.

I hope this answers your query.

Regards,

Eric

0 Helpful

dfiling
Level 1
Level 1

‎04-05-2011 09:35 AM

Edadios thanks for the response. I was reading over this document (see attached), and it looks to me like the connection would be tracked via a cookie surrogate. My bigger concern is that we are looking to be able to track usage per user even though they are on a terminal server. Our current solution (Barracuda) is not able to perform this function. I am hoping to have a S160 on site this week to do some testing but was hoping to gather some intel in the forums prior to implementation.

The response helps clear up what protocols are in use but I am still wondering how terminal server connections are handled by the WSA and if they are truly handled and tracked per user instead of by the device they are connecing to.

0 Helpful

edadios
Cisco Employee
Cisco Employee
In response to dfiling

‎04-05-2011 06:10 PM

If you are configured for authentication, and as long as it is not ip surrogate, and the timeout is reasonable, then you will have authentication prompt, for when the user opens a browser, and tries to browse a site. The credential they will use then, will be what is recoreded on the WSA.

I hope this answers your query.

Regards

Eric

0 Helpful
Top