How RD Gateway Works
When a client initiates a connection, RD Gateway first establishes SSL tunnels between itself and the external client. Next, RD Gateway vets the client's user (and optionally the computer) credentials to make sure that the user / computer are authorized to connect to RD Gateway. Then RD Gateway makes sure the client is allowed to connect to the requested resource. If the request is authorized then RD Gateway sets up an RDP connection between itself and the internal resource. All communication between the external client and the internal endpoint goes through RD Gateway.
This article describes how to set up a Microsoft Remote Desktop Gateway (RDG) server.
In this example, the external domain name of the RDG server is "rdgateway.deepnetsecurity.com", and the internal host name is "rdg.opensid.net". Therefore, the RDG server must be a member machine of the "opensid.net" domain.