Traffic control for Terminal server

AlphacomItalia
Here to help

Hi, all my company works on a terminal server. I need to control internet traffic; normally I can go on a single client and see application traffic. But can I do that with Terminal Server? I have Active Directory authentication for some firewall rules. Can I activate some others? I have NetFlow on PRTG too, but I can't see by-user traffic there either.

THX

CptnCrnch
Kind of a big deal

Guess you're out of luck with this one. You'd need some kind of "Terminal Server agent" installed on that machine that translates the ports for a specific user into controllable traffic.

Even Active Directory integration is useless because it only creates a user-to-IP mapping where the IP is the one used by the terminal server. Therefore, no further filtering is possible.

Cisco legacy provides you with a solution; unfortunately I'm unaware that Meraki supports this.

Try to open a support case.

 

PhilipDAth
Kind of a big deal

You need to use RDP IP Virtualisation.

https://social.technet.microsoft.com/wiki/contents/articles/15230.rds-ip-virtualization-in-windows-s... 

 

Basically, you create a pool of IP addresses. Each user that logs into an RDS session gets allocated a separate IP address. They use that IP address to talk to things.

You can then use AD authentication and per-user controls again.

Another option (next time you upgrade) is to change to using Remote Desktop Virtualization Hosts. It looks like RDP, but each user gets a virtual machine instead.

 

cmr
Kind of a big deal

@PhilipDAth the page you linked to has links that simply return 404s. We use (used before we were closed by Covid) Citrix XenApp on top of Terminal Services, and the TS agents are always a bit flaky, so I'm pretty interested in an IP per session. Have you used it, and is it reliable?

cmr
Kind of a big deal

I found another guide that still works, looks promising 😎

http://www.virtualizationblog.in/why-we-need-remote-desktop-services-ip-virtualization/

PhilipDAth
Kind of a big deal

I haven't personally used it (outside of my normal area), but I have had clients use it so they could track the individual RDS users using the Meraki Dashboard.

It's OK, now I can have traffic by IP/session; now my problem is how to bind user/session/IP, or how I can retrieve this information. Today a session of "laura" has 192.168.10.10, tomorrow she can have 192.168.10.15. If I want to investigate after a week, how can I find the traffic generated by Laura?
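The user/session/IP question above comes down to a time-bounded join: each virtual IP is only meaningful together with the logon and logoff times of the session that held it. The following is an added example, not code from the thread or from Meraki, that attributes flow records to users from constructed session records, marks flows with no covering session as unattributed, and flags an IP that two overlapping sessions claim at once (the mis-mapping symptom described later in the thread); the record layouts and all values are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed RDS session records (not from the thread): user, per-session
# virtual IP, logon time, logoff time. In practice these come from the
# terminal server's session logon/logoff events once IP virtualization is on.
SESSIONS = [
    ("laura", "192.168.10.10", "2020-03-02 08:00", "2020-03-02 17:00"),
    ("marco", "192.168.10.10", "2020-03-03 08:30", "2020-03-03 16:00"),
    ("laura", "192.168.10.15", "2020-03-03 08:10", "2020-03-03 17:30"),
    # Overlapping claim on the same IP: a data-quality problem, not a user.
    ("anna",  "192.168.10.15", "2020-03-03 11:00", "2020-03-03 12:00"),
]

# Constructed flow records: timestamp, source IP, destination IP, bytes.
FLOWS = [
    ("2020-03-02 09:15", "192.168.10.10", "203.0.113.5", 52000),  # laura
    ("2020-03-03 10:05", "192.168.10.10", "203.0.113.9", 1300),   # marco
    ("2020-03-03 11:20", "192.168.10.15", "203.0.113.5", 8800),   # ambiguous
    ("2020-03-03 14:00", "192.168.10.15", "203.0.113.7", 2500),   # laura
    ("2020-03-03 19:00", "192.168.10.15", "203.0.113.7", 400),    # no session
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def attribute_flows(sessions, flows):
    """Return (owner, flow) pairs; owner is a user name, 'ambiguous' when more
    than one session covered the IP at that instant, or None when none did."""
    out = []
    for t, src, dst, nbytes in flows:
        ft = _ts(t)
        owners = {u for u, ip, on, off in sessions
                  if ip == src and _ts(on) <= ft <= _ts(off)}
        owner = next(iter(owners)) if len(owners) == 1 else (
            "ambiguous" if owners else None)
        out.append((owner, (t, src, dst, nbytes)))
    return out

def bytes_per_user(sessions, flows):
    """Aggregate attributed bytes per user for a quick per-user report."""
    totals = defaultdict(int)
    for owner, flow in attribute_flows(sessions, flows):
        totals[owner or "unattributed"] += flow[3]
    return dict(totals)

if __name__ == "__main__":
    print(bytes_per_user(SESSIONS, FLOWS))
```

The unattributed and ambiguous buckets are the ones to investigate first: they show either missing session records or two sessions sharing one virtual IP, which is exactly what breaks per-user policy.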

This weekend I created group policies to restrict internet browsing and assigned them to Active Directory groups in the Meraki console.
I have activated the virtual IP on all 6 of my terminal servers; the sessions are correctly split by IP (I can see that in the Windows logs and in a packet capture) and apparently the various sessions are correctly recognized by Meraki and the correct policy is applied for the different users. I did several tests and everything seemed to work.

This morning, with all the users in the office, at one point a colleague, who did not have restrictive policies, tells me that she can no longer browse to some sites. I check in the event log of "pages blocked by content filtering" and I see that my colleague's requests were mapped in Meraki to the AD name of another user who instead had a browsing policy. So I checked 10 other users and I see the problem with 80% of them.

We chose Meraki because we saw a fantastic demo with policies, browsing control and content filtering, but now I am in a situation where I no longer know which way to turn to work with group content filtering and terminal servers.

Anyone have any suggestions or a workaround?

Thanks

We have this same issue for one of our networks. Do you have a workaround for it yet? Or did you buy something else which supports terminal server agents?
Or does the mapping work now?

To date, I have unfortunately given up. Although Active Directory is correctly synchronized with the DC, the matching of the logs to map IPs and network users "messes" up. I tried several times through support to solve the problem, but without success. At the moment I haven't looked for other solutions and I'm not restricting AD groups.

The only workaround I thought of, but don't want to use, is creating xx terminal servers based on the number of restriction groups, and managing RDP access via an RDP Gateway in order to have a single access point to the xx TS and a single RDP access to configure client side (so if you want to migrate a user from one TS to another you don't have to reconfigure the client side).

For me it is a powerful solution for managing multiple TS (but it needs a lot of configuration), but it can't be a solution for resolving the problem with Meraki's browsing restriction.

AlphacomItalia
Here to help

Does somebody have some news?

I think there is nothing new here. We gave up on a solution for the terminal server. Our customer created a new VLAN for different group policies. How they want to handle it on the terminal server I do not know. Maybe a second port with the different IPs or something.
