RDP

Supported connection modes:

Supported client applications:

  • All official Microsoft clients for Windows and macOS,
  • FreeRDP 2.0 and newer.

Supported OCR languages:

  • English
  • German
  • Norwegian
  • Ukrainian
  • Polish
  • Hungarian
  • Russian

Supported algorithms

  • when TLS encryption selected and the option Legacy ciphers is disabled:

    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
    • ECDHE-ECDSA-CHACHA20-POLY1305
    • ECDHE-RSA-CHACHA20-POLY1305
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-AES256-SHA384
    • ECDHE-RSA-AES256-SHA384
    • DHE-RSA-AES256-GCM-SHA384
    • AES256-GCM-SHA384
    • AES128-GCM-SHA256
    • AES128-SHA256

  • when TLS encryption selected and the option Legacy ciphers is enabled:

    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • DHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-CHACHA20-POLY1305
    • ECDHE-RSA-CHACHA20-POLY1305
    • DHE-RSA-CHACHA20-POLY1305
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES128-GCM-SHA256
    • DHE-RSA-AES128-GCM-SHA256
    • ECDHE-ECDSA-AES256-SHA384
    • ECDHE-RSA-AES256-SHA384
    • DHE-RSA-AES256-SHA256
    • ECDHE-ECDSA-AES128-SHA256
    • ECDHE-RSA-AES128-SHA256
    • DHE-RSA-AES128-SHA256
    • ECDHE-ECDSA-AES256-SHA
    • ECDHE-RSA-AES256-SHA
    • DHE-RSA-AES256-SHA
    • ECDHE-ECDSA-AES128-SHA
    • ECDHE-RSA-AES128-SHA
    • DHE-RSA-AES128-SHA
    • AES256-GCM-SHA384
    • AES128-GCM-SHA256
    • AES256-SHA256
    • AES128-SHA256
    • AES256-SHA
    • AES128-SHA

Notes:

  • RDP protocol implementation supports user authentication over RADIUS in challenge-response mode.

  • For RDP servers are supported NLA mode and TLS mode.

  • For RDP listeners, besides the standard security level, the Enhanced RDP Security with TLS option is supported.

  • In case the NLA option enabled, Fudo Enterprise requires NTLM protocol version 2 or newer. To properly handle NLA authentication connections, enable option to only send NTLMv2 response both on client and server side.

    1. Click Start > All Programs > Accessories > Run.
    2. Type secpol.msc in the Open input field and click OK.
    3. Select Local Policies > Security Options and double-click Network Security: LAN Manager authentication level.
    4. Select Send NTLMv2 response only. Refuse LM & NTLM from the drop-down list.
    5. Click Apply.

  • Fudo Enterprise verifies input language settings when negotiation connection and does not support dynamic language change on the login screen.

RemoteApp

Fudo natively supports RemoteApp connections over RDP protocol. Application windows are recorded the same way as RDP connections, enforcing all Fudo Enterprise security restrictions.


To monitor RemoteApp sessions, the connection must be launched through a *.rdp configuration file with the Fudo Enterprise IP address and the port number defined.


Connections initiated over Remote Desktop Web Access can be monitored by Fudo only in Transparent/Gateway mode as the Remote Desktop Web Access can not provide Fudo IP address instead of original destination server.