Q: How does the Bypass RD Gateway server for local addresses know if a destination for RDP is local or not?

A: Windows Server 2008 introduced Terminal Services Gateway (TS Gateway), which was renamed to Remote Desktop Gateway (RD Gateway) in Windows Server 2008 R2. It enables RDP traffic to be encapsulated in HTTPS, which enables RDP to travel through many firewalls and also ensures encryption of the traffic.

When a gateway is used, instead of the client talking directly to the RDP target, it instead communicates via the RD Gateway. To use a gateway, the options are specified under the Advanced tab of the Remote Desktop Connection client by using the Settings button in the Connect from anywhere section. Where the RD Gateway is specified, the option to Bypass RD Gateway server for local addresses is available (see screen shot below).

RD Gateway

The question is often asked of how "local address" is determined--is it based on IP subnet, is it based on DNS domain name?

No, it's far less sophisticated. Basically, when the bypass option is enabled when the connection is initiated the RDC first tries to communicate directly to the target and if it can't, it will then use the RD Gateway specified.

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.