Somebody successfully pblished Windows Terminalserver 2019 with Sophos XG

I'm currently in the same process. The users in their terminal server sessions are not correctly reported to the XG by the SATC built into the latest Endpoint EAP.

If you need a case No, let me know. Perhaps we can push this up a bit together.

something has been written here about that: community.sophos.com/.../satc-replacement---server-endpoint (you can find the case# here, too)

Hi, so I will open a case. Right?

It should be possible to have something like a terminalserver get published...

I wonder that we both seem to be the only one.

Best from Berlin Gernot

I also wonder about nobody else seem to have the issue.

To add this to your case:

04666074 / Userauthentication from Terminalserver to XG not working

is currently at GES and the issue has been confirmed by Sophos Support.

I assume you are not talking about the same. 

Publishing most likely means using a WAF to get this to the Internet. 

Intercept X for server is user authentication. 

Yes.

I mean the WAF thing.

OK, sorry for confusion. I did'nt read that properly.
But there is a chance, you eventually need that authentication stuff later.

We managed to get it going and I wanted to paste screenshots of our config but apparently that is not supported on this forum from 199x 

Basically create a policy like:
Enable RPC (Pass Outlook Anywhere)
Mode: Reject
No cookie signing
Static URL hardening enabled for:
/
/rpc
/favicon.ico
/rpc/rpcproxy.dll?localhost:3388
/rpc/rpcproxy.dll
/rpc/rpcWithCert

No form hardening
No AV
Block bad repu: enabled
skip remote lookups: disabled
Common threat filter: On (level 1)
Skip filter rules:
911100
920100
920340
920440
960015
960032
960035
960911
981172
981176
981204
SQL injection diabled - all others enabled

Then in your WAF rule don't use Path Specific Routing and in the exceptions section create 1 that disables URL hardening for these sites:

/RDWeb/*,/rpc/*,/rpcWithCert/*

Rasmus

Hello Ali,

You can add screenshots to the post.

You just need to click the Insert bottom > Image/video/file > (in the new window that open, click the gray letters) >> UPLOAD, ( a new window will open) search the screenshot you want to upload), click OPEN, and then OK. 

Regards,

Hi Emmanuel,

Yeah I know. But the fact that you needed two full lines to describe how, kind of proves my point. This is 2022, days of HTML5 etc., and most forum users expect CTRL-V and inline images. You can consider it a feature request :)

offtopic: STRG+V works here. Most of the times.

From my experience: if nothing happens, the image in clipboard is probably too big (4K display, fullsize window screenshot?). shrink it before pasting.

If still not working: start a new in private session to avoid cache issues.

btw: emmosophos I must admit I never ever thought this grey text would be clickable or open a new upload file window. This should be made better visible..

 (pasted by STRG+V)