Specifications and limitations
Compatibility
For more information, refer to section TS Agent in the Network Security & Tools Product Life Cycle guide.
Specifications
Maximum number of TS Agents for an SNS firewall | 100 |
Maximum number of users per TS Agent |
20 to 50 (values recommended by Citrix and Microsoft for a multi-session server) |
Maximum number of port ranges per user | 20 (2 by default) |
Number of ports per range | 50 to 1000 (200 by default) |
Limitations and explanations on usage
Port (PAT) or address (NAT) translation
Transparent authentication will not function on the TS Agent if ports (PAT) or addresses (NAT) are translated between the TS Agent and the SNS firewall.
Receiving a domain name in NETBIOS format
When the TS Agent receives a domain name in NetBIOS format, you must map this name to the Active Directory domain name in FQDN format. For more information, please refer to the section Troubleshooting.
TS Agent operating parameters
The TS Agent's operating parameters (listening port, port range, pre-shared key, etc.) can be looked up in the registry base of the server on which it is installed. For further information, refer to the section Identifying/editing TS Agent operating settings,
Disconnecting users who were authenticated via the TS Agent
Users authenticated via the TS Agent cannot be disconnected via the pop-up menu in user monitoring.
A user can be forced to disconnect only with the command sfctl -a from the firewall's console, and the TSD service on the firewall must be restarted so that the user in question can authenticate again.
Prohibited characters in LDAP directory user IDs
" <tab> & ~ | = * < > ! ( ) \ $ % ? ' ` <space>
IMPORTANT
In external directories such as Microsoft Active Directory, user IDs must comply with the above criteria as well as the criteria imposed by Microsoft.