Wap Proxy Remote Desktop Gateway


Web Application Proxy is a role in Windows Server 2012 and 2012 R2 that replaces some of the functionality found in Microsoft's UAG and TMG products. It acts as a reverse proxy to allow you to securely deliver your internal web applications to external users. As of the for Server 2012 R2, Web Application Proxy (from here on referred to as WAP) supports securely publishing RD Gateway, as can be seen in. Finally, a supported solution to secure RD Gateway without switching to a 2FA vendor that supports direct integration with RD Gateway!

(Image: WAP graphic from TechNet)

But how do we set up and configure WAP to host RD Gateway connections? Microsoft is still working on their official documentation.

Besides the aforementioned blog post, there is only a I could find on TechNet detailing how to configure WAP for RD Gateway - and the details are very sparse.

This blog post will serve as one of the first resources for installing and configuring the necessary infrastructure components required to host RD Gateway connections behind WAP. Please be warned that these posts will be long and screenshot-heavy.

Prerequisites

Once again, make sure you are using a domain administrator account and click Next.

Select the SSL certificate you purchased for ADFS and installed on the server. When you select the certificate, the Federation Service Name will automatically populate based on the subject of the certificate. You can also input a display name for ADFS. Click Next.

Next you'll need to select a service account used to run ADFS. If your domain controllers are 2012+, you'll have the option of using a Group Managed Service Account, which is the preferred option.

However, if your domain controllers are still 2008 R2 (as in my example domain), you'll need to use a regular service account. Select the service account, enter the password, and click Next.

You'll need to specify whether to use the Windows Internal Database or a SQL Server instance to store the ADFS database. If you have an existing highly-available SQL Server instance, I'd recommend using that. If not, Windows Internal Database should be fine, which I'll be using for this demo. Click Next.

Review the options you selected, and click Next.

Once the prerequisite checks have completed successfully, click Configure.

Once configuration is completed, click Close. And we're done!

Installing and Configuring Web Application Proxy

Next we'll install and configure WAP. On your WAP server, open Server Manager, and install the Remote Access role.

Click Next.

When prompted for the Role Services, select Web Application Proxy. Be sure to install all related management consoles. Click Next.

Follow the remaining prompts to install Web Application Proxy.

The wizard will inform you that additional configuration is required. We'll do that next. Click Close. Web Application Proxy is installed!

From Server Manager, click Tools and open the Remote Access Management console. The Remote Access Management console will open. In the left pane, select Web Application Proxy and then click the link to run the Web Application Proxy Configuration Wizard.

The Web Application Proxy Configuration Wizard will open.

On the welcome screen, click Next.

Enter the Federation Service Name that you used for ADFS. You'll also need to enter credentials to be used to connect to ADFS - most likely using your domain administrator credentials. Once the information is populated, click Next.

Select the certificate to be used by WAP - you can select the same certificate as ADFS. Then click Next.

Finally, click the Configure button to finish.

Once configuration is complete, click Close. WAP configuration is complete!

Back in the Remote Access Management console, you can select Operations Status in the left pane, and see that your WAP configuration is healthy and configured correctly. WAP looks good!
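
The WAP installation and configuration steps above can also be scripted, which makes the certificate and credential choices explicit and repeatable. The following PowerShell is an added example, not part of the original post. It assumes adfs.example.com as a placeholder Federation Service Name and a certificate whose subject CN matches that name.

```powershell
# Added example: scripted equivalent of the WAP wizard steps described above.
# Run in an elevated PowerShell session on the WAP server (Server 2012 R2).
# 'adfs.example.com' is a placeholder; use your own Federation Service Name.
$FederationServiceName = 'adfs.example.com'

# Install the Web Application Proxy role service and its management consoles.
$feature = Install-WindowsFeature -Name Web-Application-Proxy -IncludeManagementTools
if (-not $feature.Success) {
    throw 'The Web Application Proxy role service failed to install.'
}

# Locate the certificate to bind. Assumption: its subject CN equals the
# Federation Service Name; a wildcard or SAN-only certificate needs another filter.
$cnPattern = '(^|,\s*)CN=' + [regex]::Escape($FederationServiceName) + '(,|$)'
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -match $cnPattern -and   # subject names the federation service
    $_.HasPrivateKey -and               # the private key must be on this server
    $_.NotAfter -gt (Get-Date)          # skip expired certificates
})
if ($certs.Count -ne 1) {
    throw "Expected exactly one usable certificate for $FederationServiceName, found $($certs.Count)."
}

# Prompt for the account that establishes the trust with ADFS, so the
# password is never written into the script or the shell history.
$cred = Get-Credential -Message 'Account with administrative rights on the ADFS server'

# Equivalent of the Web Application Proxy Configuration Wizard.
Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
    -FederationServiceTrustCredential $cred `
    -CertificateThumbprint $certs[0].Thumbprint

# Same information as Operations Status in the Remote Access Management console.
Get-WebApplicationProxyHealth | Format-Table -AutoSize
```

The script stops before configuring anything if no certificate, or more than one, matches the Federation Service Name, so the wrong certificate cannot be bound by accident.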