How to create custom Client/Server Application SSLVPN template for Remote Desktop
with Full Screen and Console Access
Author: Idan (DeviceZ) Plotnik, Security Engineer, Forefront MVP
Date: 01/10/2008
Before you begin
IAG is an Application Aware SSLVPN Product, IAG allows to you customize
web pages, requests / responses, http headers, URL's, perform smart link translation
(HAT - Host Address Translation) and a lot more !!!
The following paper describes how to create custom SSLVPN template that allows access
to terminal servers in FULL SCREEN and with the argument "/Console"
You can download the custom code presented in this article
from wwwForefrontSecurity.ORG
Important to know!
Please make sure you create a CustomUpdate folder and put the files into this folder
as describe below!
Prerequisites
Non
Configuration Procedures
Create custom SSLVPN template files
1.
Create new file "SSLVPNTemplates.xml" in
the following location c:\Whale-Com\e-Gap\von\conf\CustomUpdate
2.
Copy the following code into the file you created
<config>
<templates version="3" use-lsp="1">
<!--
******************************************************************************
** Windows XP Terminal Services Client /CONSOLE - variable screen resolution **
** Created by Idan Plotnik ForefrontSecurity.ORG**
******************************************************************************
-->
<template name="MSTSConsole" userrights="0" use-with-lsp="yes"
win="yes"><!--Windows-->
<port id="0" remoteport="3389" localport="23456"
flags="10" />
<exec exe="mstsc.exe -v:%localip%:%localport% /console -w:%HRes% -h:%VRes%"
flags="4" param="" use-with-lsp="no"/>
<exec exe="mstsc.exe -w:%HRes% -h:%VRes% -v:%leadserver% /console"
flags="4" param="" use-with-lsp="only"/>
<config-file flags="33" path="" ><![CDATA[
[1\Software\Microsoft\Terminal Server Client\Default]
MRU0=C%localip%:%localport%
Full Address=C%localip%:%localport%
]]>
</config-file>
</template>
</templates>
</config>
3.
To test the file you created please double click on
it and check that you don't have errors - see the print screens below:
Undamaged file output
Damaged file output
4.
Create new Folder "CustomUpdate"
in the following directory c:\Whale-Com\e-Gap\von\conf\wizarddefaults\
5.
Create new file "WizardDefaultParam.Ini"
in the following location c:\Whale-Com\e-Gap\von\conf\wozarddefaults\CustomUpdate
6.
Copy the following code into the file you created
[Application_List]
NumOfApps=1
App1=MSTSConsole
[MSTSConsole]
Name=MSTSC /Console (XP/Vista)
AppType=1
WhaleApp=0
Types=1,2
Image=images/AppIcons/TerminalServices.gif
SSLVpnTemplate=MSTSConsole
SSLVPNNumOfElements=5
SSLVPNElement0ID=0IPBIND
SSLVPNElement1ID=0
SSLVPNElement2ID=LeadServer
SSLVPNElement3ID=HRes
SSLVPNElement4ID=VRes
0IPBINDName=Terminal Servers:
0IPBINDType=0
0IPBINDGuiType=2
0IPBINDValidation=IP/DNS NotEmpty
0Name=Port:
0Type=1
0GuiType=1
0Value=3389
0Validation=Port
LeadServerName=Initial Server:
LeadServerType=2
LeadServerGuiType=0
HResName=Remote Desktop Width:
HResType=2
HResGuiType=0
HResValue=800
HResValidation=NotEmpty
VResName=Remote Desktop Height:
VResType=2
VResGuiType=0
VResValue=600
VResValidation=NotEmpty
ActivateSmugglingProtection=0
MaxHTTPBodySize=49152
ContentTypeList=application/x-www-form-urlencoded|multipart/form-data
Select the custom Client/Server Application you created
1.
In the Application section of you Trunk / Portal,
click "Add"
2.
Go to "Client/Server and Legacy Applications"
3.
Choose the custom template your created "MSTSC
/Console (XP/Vista)"
Thank you very much for reading this article, If you have any issues with this custom
template please go to our Technical Forums site
http://Forums.ForefrontSecurity.ORG and post your questions there
Idan (DeviceZ) Plotnik
Security Engineer, Security Engineer, Forefront MVP
ForefrontSecurity.ORG