How are credentials passed CredSSP in remote desktop gateway to the destination RDP machines?
Is the TLS tunnel created just like regular RDP sessions?
Is HTTPS used?
I was thinking something like:
Pplain RDP in AD environment first you get your TGS from the DC and then you do TLS to the target server and crendetials are passed via CredSSP and that's how you establish the session.
So in RD Gateway scenarios (big RDP deployments), the client establishes the connection with the gateway via HTTPS, that has TLS by default but credentials are passed via CredSSP inside TLS. Then the gateway just "passes" the credentials unencrypted after ending the TLS tunnel, to the target RDP, and then this last one validates the access? After that RDP packets are sent back to the gateway which ultimately encrypts again the packets inside TLS and HTTPS back to the source client.
Something like that?