When RDP is launched through Remote Desktop Gateway (RDG), the Windows Logon component only sees the IP address of the RD Gateway itself, not the original client’s IP. This behavior is inherent to how RD Gateway works: it terminates the HTTPS tunnel and initiates the RDP session on behalf of the client.
As a result, Rublon MFA cannot apply the Authorized Networks policy based on the true source IP, because that information is not passed through to the destination server. The reported IP address will always be the IP address of the Remote Desktop Gateway server.
Can RD Gateway be configured to pass the real client IP?
Unfortunately, no. The RDP host will always see the RD Gateway’s IP as the source. This is not a limitation of Rublon MFA, but rather a consequence of RD Gateway’s architecture, which masks the client IP for security and routing purposes.
Helpful Links
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article