Directory Connector 4.1 replacing DC+TSA 4.0?

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

While using the combo Directory Connector 4.0 and TSA 4.0 for years, I was asking myself whether Directory Connector 4.1 could be used as a drop-in replacement regarding RDS, so running just one component instead of two (or more) on different systems.

I don't have an RDS Server at my disposal, therefore I cannot test it. The documentation says:

Terminal Server IP Virtualization Support

This feature provides an alternative method of identifying users logged into Terminal Servers which is expected to replace the SonicWall Terminal Server Agent in future releases.

It is supported on Windows Server 2008 R2 and higher, and is based on Remote Desktop IP Virtualization technology by Microsoft. Remote Desktop IP Virtualization allows IP addresses to be assigned to remote desktop connections on a per session or per program basis. This can be useful if a program communicates with a server that only allows one connection per IP address. Prior to Windows Server 2008 R2, every session on a Remote Desktop Session Host server was assigned the same IP address. With Windows Server 2008 R2, Remote Desktop IP Virtualization provides a way to assign IP addresses on a per session or per program basis. If IP addresses are assigned for multiple programs, they will share a per session IP address. If there is more than one network adapter on the server, one must be designated for Remote Desktop IP Virtualization.

The SonicOS user authentication module now uses this feature from within the SonicWall SSO Agent to accomplish the same functionality as the SonicWall Terminal Server Agent. Once a user logs into the terminal server with an RDP session, the Windows Server assigns a unique IP address to the session and logs an application event in the Windows event log. The SSO Agent reads the log remotely and notifies the firewall, allowing the user to be identified by SonicOS. Non

I'm quite sure the customer is running a deployment with a single IP on its Terminal Server. Does this work as well with DC 4.1, or do I have to use the "old" TSA 4.0 for that reason? What about Windows Server 2019? The TSA is from 2017, way before W2K19.

Thanks in advance from a confused macOS/Linux user.

--Michael@BWC

Category: Mid Range Firewalls

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    I've got word from an SE that 4.1 requires IP Virtualization, so TSA is still the preferred choice. Would be great to have the Release Notes updated for TSA because it does not state any compatibility for W2K19, which is due to the fact it got released back in 2017.

    --Michael@BWC

Answers

  • In my previous life I remember going to @Jaime for questions like this. Any thoughts?

    @micah - SonicWall's Self-Service Sr. Manager

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited June 2022

    I had to dig this old thread out, just 1 1/2 went by with no further reaction.

    I had a customer call today regarding TSA, will there be any changes around this Utility? It still says DELL and is 5 years old, which is ancient in our line of business.

    Windows Server 2022 does not support IP Virtualization at the moment, so we are stuck with TSA?

    https://docs.microsoft.com/en-us/troubleshoot/windows-server/remote/remote-desktop-ip-virtualization

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Micah @Ena could you please forward this thread to someone with deeper knowledge of what the current state of play is regarding TSA etc.?

    It seems there is no progress for a couple of years on that front.

    --Michael@BWC
