Can't get RD Web Connection to work through WatchGuard Firewall

I am trying to setup Remote Desktop Web Connection on Windows XP. It is working internally but I am trying to publish the connection to the internet so I can connect from outside my company's firewall. I have a WatchGuard Firebox III. I have added a new server in on the firewall and tried to forward it to my computer several different ways but no matter what it won't work. Could somebody please help.

Thank you,
Who is Participating?
yes you can forward two port, 5000 and 80 to 3389 and port 80 respectively; but port 80 can be forwarded only for If you wish to forward port to more than one machine, then you would need to configure different port for the webserver as well.

You would need two services, one for each port, because we need internal port redirection.

So assuming that you have 5000 and 80 port; and 5001 for .2 and 5003 for .3; then the services needed would be:
service-1 for port 5000; getting redirected to on port 3389
service-2 for port 80; getting redirected to on port 80
service-3 for port 5001; getting redirected to on port 3389
service-4 for port 5002; getting redirected to on port 3389

Thank you.
You'll need to forward port 3389 from the outside IP to whatever box you want to gain access to internally.  In addition, since you're trying to use the web client, you'll need to have 80 and 443 forwarded to the web server that serves the RDP web connection page.
ob1_Author Commented:
There is no web server that serves the page, there is only the client with Remote Desktop Web Connection installed. So I tried forwarding the external ip:port -> internal ip:80. The Remote Desktop Web Connection page comes up, but I can't connect from there. I've also tried opening 3389 and forwarding it.

I am using an additional port to specify my machine from the outside, so the address I am trying in is - b/c I only have 1 external IP and I want to set this up for many machines on my network. So I am trying to forward traffic from my external ip on port 113 to my internal ip on port 80.

So how forward 3389? Traffic on port 3389 on my external ip gets forward to 3389 on my internal ip? Or is it traffic to my external ip on 113 gets forwarded to 3389 on my internal ip?
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Ah, you're trying to use that multiple RDP fucntionality.  Haven't fully configured that before.  Standard RDP uses port 3389, to communicate, and then only on a 1 to 1 basis (i.e. you can forward each external IP to one internal IP on the same port).

Sorry but that's all the help I can be on that issue.  Anyone else?
ob1_Author Commented:
please see

i had to cfg each machine to listen on a different port for RD, and forward pubip:3389=>privip:newport for RD and pubip:whatever=>privip:80 for each user!

As I understand you wish to have incoming traffic on one specific port and then to forward it internally to a different port to different machines.

Let me take an example:
Incoming TCP traffic on port 5000 needs to be directed to on port 3389
Incoming TCP traffic on port 5001 needs to be directed to on port 3389
Incoming TCP traffic on port 5002 needs to be directed to on port 3389

I am assuming you are using WSM version 7.x

In Policy Manager; create a custom service; select protocol as TCP; port as 5000; client port as ignore [this is important]

Now add the service created above and configure as below:
Incoming connections are "Enabled and allowed"; from Any; to click Add->Add NAT; in the External IP address the public IP would be listed; in internal IP specify; check the box, Set internal port  to a different port than this policy and specify port as 3389; click OK all the way back.

If there are more ports [please note this port also should not be common], you can either add them in the specific custom service [when adding 5000 as in example above]; or add specific service for each port.

Repeat for 5001 and 5002 as well.

Save to firebox; please implement and update.

Thank you.
ob1_Author Commented:
here is the problem it needs to be:

Incoming TCP traffic on port 5000 needs to be directed to on port 3389 and port 80.

Can you forward to 2 ports? Port 80 is the IIS website for TSWEB (Remote Desktop Web Connection). Currently I have the traffic forwarded to 3389 and Remote Desktop works fine through the firewall, but I'd like to use TSWEB.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.