A terminal services gateway (TSG) is a server that may allow authenticated and authorized remote desktop clients to connect to terminal services resources inside a network, such as a corporate network. The clients may use protocols such as the Remote Desktop Protocol (RDP) to connect to a resource within the corporate network through the gateway. When a remote desktop client connects to a terminal server via a terminal services gateway, the gateway typically opens a socket connection with the terminal server and redirects all client traffic to a port normally reserved for such purposes. The terminal services gateway also typically exchanges gateway and remote access policies for the connection.
Once the client and terminal server remote access protocol exchange commences, the terminal services gateway normally cannot interfere with the exchange, nor can it look into the encrypted exchange to verify whether the client is enforcing the agreed-upon policies. A rogue client can thus potentially bypass the established policies sent to the client, resulting in a potential security breach. Furthermore, terminal servers typically have only a single port open on their firewall, and for security reasons it is not practical to open another port on the terminal servers. Finally, the terminal server typically is not able to differentiate connections coming via the terminal services gateway from those coming from within the corporate network.