Specifications and limitations

Compatibility

For more information, refer to section TS Agent in the Network Security & Tools Product Life Cycle guide.

Specifications

Maximum number of TS Agents for an SNS firewall 100
Maximum number of users per TS Agent

20 to 50 (values recommended by Citrix and Microsoft for a multi-session server)

Maximum number of port ranges per user 20 (2 by default)
Number of ports per range 50 to 1000 (200 by default)

Limitations and explanations on usage

Port (PAT) or address (NAT) translation

Transparent authentication will not function on the TS Agent if ports (PAT) or addresses (NAT) are translated between the TS Agent and the SNS firewall.

Receiving a domain name in NETBIOS format

When the TS Agent receives a domain name in NetBIOS format, you must map this name to the Active Directory domain name in FQDN format. For more information, please refer to the section Troubleshooting.

TS Agent operating parameters

The TS Agent's operating parameters (listening port, port range, pre-shared key, etc.) can be looked up in the registry base of the server on which it is installed. For further information, refer to the section Identifying/editing TS Agent operating settings,

Disconnecting users who were authenticated via the TS Agent

Users authenticated via the TS Agent cannot be disconnected via the pop-up menu in user monitoring.
A user can be forced to disconnect only with the command sfctl -a from the firewall's console, and the TSD service on the firewall must be restarted so that the user in question can authenticate again.

Prohibited characters in LDAP directory user IDs

" <tab> & ~ | = * < > ! ( ) \ $ % ? ' ` <space>

IMPORTANT
In external directories such as Microsoft Active Directory, user IDs must comply with the above criteria as well as the criteria imposed by Microsoft.