Netgate Discussion Forum
    multiple Remote Desktop Gateways - How to balance? UDP involved

    General pfSense Questions
    Tags: haproxy, rdgw, udp, balancing
    • rgijsen

      Hi,
      we've got 2 Remote Desktop Gateways in our DMZ, which are currently balanced by HAProxy. It works fine, but HAProxy doesn't allow for UDP. RD Gateways can use UDP to enhance performance. What would be the best way to have both gateways load balanced WITH UDP enabled?

      • Derelict LAYER 8 Netgate

        What does Microsoft recommend?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • rgijsen

          Ok, a blatant copy / paste from the MS docs (https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha), screwing up the layout:

          Step 3: Configure load balancing for the RD Web and RD Gateway servers
          If you are using Azure infrastructure, you can create an external Azure load balancer; if not, you can set up a separate hardware or software load balancer. Load balancing is key so that traffic will be evenly distributed the long-lived connections from Remote Desktop clients, through the RD Gateway, to the servers that users will be running their workloads.

          Note

          If your previous server running RD Web and RD Gateway was already set up behind an external load balancer, skip ahead to step 4, select the existing backend pool, and add the new server to the pool.

          • Create an Azure Load Balancer:
            • In the Azure portal click Browse > Load balancers > Add.
            • Enter a name, for example WebGwLB.
            • Select Public for the Scheme, Public IP address, and a Public IP address. You can select an existing Public IP address or create a new one.
            • Select the appropriate Subscription, Resource Group, and Location.
            • Click Create.
          • Create a probe to monitor which servers are alive:
            • In the Azure portal click Browse > Load Balancers, the load balancer you just created, e.g. WebGwLB, and Settings.
            • Click Probes > Add.
            • Enter a name, for example, HTTPS, for the probe. Select TCP as the Protocol, and enter 443 for the Port, then click OK.
          • Create the HTTPS and UDP load balancing rules:
            • In Settings, click Load balancing rules.
            • Select Add for the HTTPS rule.
            • Enter a name for the rule, for example, HTTPS, and select TCP for the Protocol. Enter 443 for both Port and Backend port, and click OK.
            • In Load balancing rules, click Add for the UDP rule.
            • Enter a name for the rule, for example, UDP, and select UDP for the Protocol. Enter 3391 for both Port and Backend port, and click OK.
          • Create the backend pool for the RD Web and RD Gateway servers:
            • In Settings, click Backend address pools > Add.
            • Enter a name (for example, WebGwBackendPool), then click Add a virtual machine.
            • Choose an availability set (for example, WebGwAvSet), and then click OK.
            • Click Choose the virtual machines, select each virtual machine, and then click Select > OK > OK.

          So that's that, Azure balancers and some other appliances I have seen support UDP balancing, but pfSense doesn't. I know the pfSense internal balancer (not HAProxy) can do UDP, but ONLY for DNS traffic. If I remember correctly in previous versions the protocol selection actually showed TCP and UDP, but now it shows TCP and DNS.

          So would there be another way using pfSense to do that? I'm sure we all think pfSense does at least what others do right? ;-)

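The Azure portal steps quoted in the post above, written as Azure CLI calls. This is an added example, not part of the original thread or of the Microsoft documentation it quotes. The resource group, location, public IP and frontend names, NIC names and the `ipconfig1` IP configuration name are placeholder assumptions; WebGwLB, WebGwBackendPool and the HTTPS/UDP rule names come from the quoted steps.

```shell
#!/bin/sh
# Added example: CLI form of the quoted portal steps (public LB, TCP 443 + UDP 3391).
# Placeholder values, not from the thread: RG, LOCATION, PIP, FRONTEND, GW_NICS, ipconfig1.
set -eu

RG="${RG:-rds-rg}"
LOCATION="${LOCATION:-westeurope}"
LB="WebGwLB"                      # name used in the quoted steps
POOL="WebGwBackendPool"           # name used in the quoted steps
PIP="${PIP:-WebGwPublicIP}"
FRONTEND="${FRONTEND:-WebGwFrontend}"
GW_NICS="${GW_NICS:-rdgw1-nic rdgw2-nic}"   # NICs of the two RD Gateway VMs

# add_rule <name> <Tcp|Udp> <port>: same frontend and backend port, shared pool.
# Azure probes cannot speak UDP, so the UDP rule reuses the TCP 443 probe
# (assumption: the quoted steps do not say which probe the UDP rule uses).
add_rule() {
  az network lb rule create --resource-group "$RG" --lb-name "$LB" \
    --name "$1" --protocol "$2" --frontend-port "$3" --backend-port "$3" \
    --frontend-ip-name "$FRONTEND" --backend-pool-name "$POOL" \
    --probe-name HTTPS
}

create_rdgw_lb() {
  az network public-ip create --resource-group "$RG" --name "$PIP" \
    --location "$LOCATION" --sku Standard --allocation-method Static
  az network lb create --resource-group "$RG" --name "$LB" \
    --location "$LOCATION" --sku Standard --public-ip-address "$PIP" \
    --frontend-ip-name "$FRONTEND" --backend-pool-name "$POOL"
  # Probe that decides which gateways are alive: TCP connect to 443.
  az network lb probe create --resource-group "$RG" --lb-name "$LB" \
    --name HTTPS --protocol Tcp --port 443
  add_rule HTTPS Tcp 443    # RD Web / RD Gateway HTTPS transport
  add_rule UDP   Udp 3391   # RD Gateway UDP transport
  # Put each gateway VM's NIC into the backend pool.
  for nic in $GW_NICS; do
    az network nic ip-config address-pool add --resource-group "$RG" \
      --nic-name "$nic" --ip-config-name ipconfig1 \
      --lb-name "$LB" --address-pool "$POOL"
  done
}

# Only touch Azure when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then create_rdgw_lb; fi
```

Run it with `--apply` after `az login`; without that argument the script only defines the functions.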
          • Derelict LAYER 8 Netgate

            Probably not in this case.


            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.