The Web Client is a part of RAS Secure Gateway. To be used by end users, the User Portal must be enabled and configured in the RAS Console as described in Configure User Portal.

Session persistence based on a cookie

RAS Web Client session persistence is normally set by user's IP address (source addressing). If you can't use source addressing in your environment (e.g. your security policy doesn't allow it), you can use the Session Cookie to maintain persistence between a user and a server. To do so, you'll need to set up a load balancer that can use a session cookie for persistence. The cookie that you should use is ASP.NET_SessionId. If you are using a load balancer that doesn't use ASP.NET, you can specify a different cookie on the Web Requests tab of the RAS Secure Gateway Properties dialog. For more information, see Web request load balancing.

Host header attack protection

You can enable host header attack protection for the User Portal URL. This security measure will ensure that the Host headers of the users' HTTP requests to User Portal cannot be changed in transit, and users who access User Portal via a browser are always redirected to one of your Secure Gateways and not any other hosts.

To enable host header attack protection:

1. Navigate to Farm > Farm > Tasks > Properties.

2. Select the Enable HTTP Host header attack protection option.

3. (Optional) If you use additional hostnames or IPs for your Secure Gateways, you can add them to the list of the allowed addresses by selecting Tasks > New (or clicking the plus-sign icon) in the Access addresses section.