RD Gateway and bypass RD gateway

Category: azure multifactorauthentication


rizbris80 on Tue, 01 Apr 2014 20:53:33


I've got Multi-Factor Authentication working using RADIUS authentication, but I'm having performance problems when logging in externally: it takes around 90 seconds to log in. A number of forums suggest unchecking "Bypass RD Gateway server for local addresses", which does make the connection very quick, but with that, all connections, whether internal or external, go to the gateway and therefore to the RADIUS server, forcing everyone through multi-factor authentication.

I have tried adding the internal subnet to the whitelist on the multi-factor authentication server without success. Looking at the RADIUS request, there are no details about the client's IP address.

Is there a way to send additional information to the RADIUS server to allow local addresses to be excluded?



shawnb_ms on Wed, 10 Sep 2014 00:10:17

RD Gateway doesn't currently populate attribute 66 of the RADIUS request with the client IP address, so IP Whitelist isn't an option. To accomplish your goals would require setting up one RD Gateway for internal use and a different one for external use.
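
An added example, not part of the thread and not Microsoft's code: a check for whether a captured Access-Request carries attribute 66 (Tunnel-Client-Endpoint, RFC 2868), which is what an IP whitelist would need to match on. The whitelist policy, the `10.0.0.0/24` subnet and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

TUNNEL_CLIENT_ENDPOINT = 66  # RFC 2868 attribute type; the "attribute 66" above

def parse_attributes(packet: bytes) -> dict:
    """Return {type: [raw values]} from a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def client_endpoint(attrs: dict):
    """Client IP carried in attribute 66, or None if absent or not an IP."""
    for raw in attrs.get(TUNNEL_CLIENT_ENDPOINT, []):
        if raw and raw[0] <= 0x1F:  # RFC 2868 tag octet precedes the string
            raw = raw[1:]
        try:
            return ipaddress.ip_address(raw.decode("ascii"))
        except ValueError:  # also covers UnicodeDecodeError
            continue
    return None

def whitelist_decision(packet: bytes, whitelist) -> str:
    """Hypothetical policy: skip MFA only for a whitelisted client IP."""
    ip = client_endpoint(parse_attributes(packet))
    if ip is not None and any(ip in net for net in whitelist):
        return "bypass"
    return "mfa"  # no attribute 66 means nothing to match, so fail closed

def build_request(attrs) -> bytes:
    """Constructed sample Access-Request (code 1, zeroed authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/24")]  # constructed whitelist
NO_ATTR_66 = build_request([(1, b"alice"), (4, bytes([10, 0, 0, 5]))])
INTERNAL = build_request([(1, b"alice"), (66, b"\x0010.0.0.23")])
EXTERNAL = build_request([(1, b"alice"), (66, b"\x00203.0.113.7")])
```

`NO_ATTR_66` models the situation described in the answer: with no client endpoint in the request, every login falls through to MFA regardless of the whitelist.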