Create a Post
Showing results for 
Search instead for 
Did you mean: 

External access to internal RDS gateway

Good evening,


Firstly, apologies if I've attached this to the wrong board!


We are looking at how we can use our R80.40 cluster to control external 3rd party access to our internal RDS gateway.


We would like to integrate the solution to AAD for authentication/MFA using SAML. Browser Based Authentication seems like a good way to go with this, but I'm not sure how the gateway would handle the traffic. For example, if user A authenticates to the gateway from IP x.x.x.x, is user B also forced to authenticate if they connect to our gateway from the same IP? Our concern is if two users happen to connect to the gateway from the same remote location which is being NAT'd behind the same public IP, are both users forced to authenticate? Or does one authentication request from that source IP consequently allow traffic from any other hosts NAT'd behind the same IP?


Also, are there any other solutions for this remote access that can integrate with AAD using SAML on an R80.40 gateway?


As always, any advice would be greatly appreciated!





0 Kudos
1 Reply

Browser Based Authentication is really only for internal hosts, not necessarily external ones.
And, in your case, if one person authenticates from a specific IP, all users who appear to be coming from that IP would also be allowed.

A better solution from a remote site would be something like Mobile Access Blade, which would authenticate each user.
This should be able to integrate with AAD via SAML authentication.


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events