Setting up the RDP listener¶
This section describes how to setup RDP listener. To learn first steps of creating listener, please follow Creating a listener section.
- Go to Settings tab and press the button in the Protocol field.
- Select the TLS enabled option to enable encryption.
- Check the NLA enabled option for additional security.
Note
Security mode must match the security mode setting in the RDP server configuration.
In case the TLS enabled option is chosen, select Legacy crypto option to allow negotiating older encryption algorithms (DSA(1024), RSA(1024)) when establishing RDP connections.
- Select Announcement option to enable it’s field and type in the notification that will be presented to the user on the login screen.
- In the Connection mode section, select desired connection mode.
bastion
Note
- User connects to the target host by including name along with account login on the target server and target server address in the login string, e.g.
john_smith#root#192.168.0.110
.- For details on bastion connection mode, refer to Connection modes topic.
- Select
button in the Connection mode field.
- Select the the IP address from the Local address drop-down list and enter port number.
- Select External address option to enable its field and enter an IP address (or FQDN name) along with the port number, under which Fudo can be accessed from outside the local network.
Note
- The Local address drop-down list elements are IP address defined in the Network configuration menu (Network interfaces configuration) or labeled IP addresses (Labeled IP addresses).
- Selecting the
Any
option will result in Fudo listening on all configured IP addresses.- In case of cluster configuration, select a labeled IP address from the Local address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP addresses topic.
proxy
Note
User connects to the target host by providing Fudo Enterprise IP address and port number which unambiguously identifies target host.
- Select
button in the Connection mode field.
- Select the the IP address from the Local address drop-down list and enter port number.
Note
- The Local address drop-down list elements are IP address defined in the Network configuration menu (Network interfaces configuration) or labeled IP addresses (Labeled IP addresses).
- Selecting the
Any
option will result in Fudo listening on all configured IP addresses.- In case of cluster configuration, select a labeled IP address from the Local address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP addresses topic.
- Select External address option to enable its field and enter an IP address (or FQDN name) along with the port number, under which Fudo can be accessed from outside the local network.
gateway
Deprecated since version 5.4
Fudo Enterprise 5.4 is the last version supporting gateway mode in the listeners configuration. Listeners using this mode must be reconfigured to use proxy and bastion modes before upgrading to the next release.
Note
User connects to the target host by providing its actual IP address. Fudo Enterprise moderates the connection with the remote host using own IP address. This option requires deploying Fudo Enterprise in the bridge mode.
- Select
button in the Connection mode field.
- Select the network interface used for handling connections over this listener.
transparent
Deprecated since version 5.4
Fudo Enterprise 5.4 is the last version supporting transparent mode in the listeners configuration. Listeners using this mode must be reconfigured to use proxy and bastion modes before upgrading to the next release.
Note
User connects to the target host by providing its actual IP address. Fudo Enterprise moderates the connection with the remote host using user’s IP address. This option requires deploying Fudo Enterprise in the bridge mode.
- Select
button in the Connection mode field.
- Select the network interface used for handling connections over this listener.
- In the CA certificate field, click
.pem
, accepted file extensions are.txt
and.cert
.
to generate TLS certificate by choosing key algorithm and providing Common Name (server name where the certificate is installed), or click to upload server certificate file with private key pasted at the end of the file. The rest of the required fields will be filled automatically. Allowed format of the server certificate file is PEM, although besides
- Click .
Related topics: