TS agents

This transparent multi-user authentication method is intended for virtual desktop infrastructures (VDI).
This method relies on exchanges between the SNS firewall and one or several SN TS agents deployed directly on VDI servers (Citrix Virtual Apps and Desktops servers or Microsoft Remote Desktop Services).

Each SNS firewall can manage up to 100 SNS TS agents.

For more information, please refer to the Technical Note SN TS Agent - Installation and deployment.

TS agents

Timeout before disconnected users are de-authenticated (sec.)

If users have been accidentally disconnected or have suddenly quit a remote session, this is the length of time after which they will be deleted from the table of authenticated users in the intrusion prevention engine.

The default value is 30 seconds. It can be raised to a maximum of 300 seconds (5 minutes).

 

TS agent list

You can Add or Delete TS agents by clicking on the respective buttons.

Adding a TS agent

  1. Click on Add.
    A window containing the parameters to configure will appear.
  2. Using the cursor, enable (ON) or disable (OFF) the TS agent being created.

NOTE
We recommend that you create TS agents by leaving them inactive to avoid generating unnecessary alarms and logs. They will be enabled when the TS agents are deployed on RDS and Citrix servers.

  3. Enter the TS Agent Name.
  4. Select or create the object corresponding to the TS server (RDS/Citrix server) on which the TS agent will be installed.
  5. Select the communication Port between the firewall and the TS agent.
    The object agent_ts (TCP/1303) is suggested by default.
  6. Set and confirm the Pre-shared key used during the communication with the TS agent.
  7. Confirm the configuration by clicking on Apply.

Removing a TS agent

  1. Select a row in the grid that contains the TS agents.
  2. Click on Remove.
  3. Confirm by clicking on OK.

Changing the status of a TS agent

To change the status (on/off) of a TS agent, double-click in the agent's Status column.

Modifying a TS agent

To change one or several parameters of a TS agent, double-click in any column other than the agent's Status column.

TS agent grid

Status

Indicates whether communication with the TS agent is enabled (on) or disabled (off).

Name

TS agent name.

Address

Object corresponding to the server on which the TS agent is installed. The IP address of the server appears when you hover over this object.

Pre-shared key

The pre-shared key used during the communication with the TS agent is shown when you hover over this field.

Connection port

Displays the object corresponding to the communication Port used between the firewall and the TS agent.

Advanced properties

Ignored administration accounts

For each TS agent configured, administration accounts can be excluded from the TS Agent authentication mechanism. In this case, even when traffic initiated by the selected administrator accounts matches filter rules that allow the TS Agent method, the firewall will block such traffic.

To add an administration account to ignore:

  1. Expand the Advanced properties section,
  2. In the Ignored administration accounts grid, click on Add,
  3. Select a TS Agent configured earlier,
  4. Enter the name of the administration account to ignore.