Can't get RD Web Connection to work through WatchGuard Firewall

Posted on 2008-10-05
Last Modified: 2013-11-21
I am trying to set up Remote Desktop Web Connection on Windows XP. It is working internally but I am trying to publish the connection to the internet so I can connect from outside my company's firewall. I have a WatchGuard Firebox III. I have added a new server on the firewall and tried to forward it to my computer several different ways but no matter what it won't work. Could somebody please help?

Thank you,
Question by:ob1_

Expert Comment

ID: 22646467
You'll need to forward port 3389 from the outside IP to whatever box you want to gain access to internally.  In addition, since you're trying to use the web client, you'll need to have 80 and 443 forwarded to the web server that serves the RDP web connection page.

Author Comment

ID: 22646533
There is no web server that serves the page, there is only the client with Remote Desktop Web Connection installed. So I tried forwarding the external ip:port -> internal ip:80. The Remote Desktop Web Connection page comes up, but I can't connect from there. I've also tried opening 3389 and forwarding it.

I am using an additional port to specify my machine from the outside, so the address I am trying in is - b/c I only have 1 external IP and I want to set this up for many machines on my network. So I am trying to forward traffic from my external ip on port 113 to my internal ip on port 80.

So how do I forward 3389? Traffic on port 3389 on my external ip gets forwarded to 3389 on my internal ip? Or is it traffic to my external ip on 113 gets forwarded to 3389 on my internal ip?

Expert Comment

ID: 22646556
Ah, you're trying to use that multiple RDP functionality.  Haven't fully configured that before.  Standard RDP uses port 3389 to communicate, and then only on a 1 to 1 basis (i.e. you can forward each external IP to one internal IP on the same port).

Sorry but that's all the help I can be on that issue.  Anyone else?


Author Comment

ID: 22646865
please see

I had to cfg each machine to listen on a different port for RD, and forward pubip:3389=>privip:newport for RD and pubip:whatever=>privip:80 for each user!


Expert Comment

ID: 22656994
As I understand it, you wish to have incoming traffic on one specific port and then to forward it internally to a different port to different machines.

Let me take an example:
Incoming TCP traffic on port 5000 needs to be directed to on port 3389
Incoming TCP traffic on port 5001 needs to be directed to on port 3389
Incoming TCP traffic on port 5002 needs to be directed to on port 3389

I am assuming you are using WSM version 7.x

In Policy Manager; create a custom service; select protocol as TCP; port as 5000; client port as ignore [this is important]

Now add the service created above and configure as below:
Incoming connections are "Enabled and allowed"; from Any; to click Add->Add NAT; in the External IP address the public IP would be listed; in internal IP specify; check the box, Set internal port  to a different port than this policy and specify port as 3389; click OK all the way back.

If there are more ports [please note this port also should not be common], you can either add them in the specific custom service [when adding 5000 as in example above]; or add specific service for each port.

Repeat for 5001 and 5002 as well.

Save to firebox; please implement and update.

Thank you.

Author Comment

ID: 22658802
Here is the problem; it needs to be:

Incoming TCP traffic on port 5000 needs to be directed to on port 3389 and port 80.

Can you forward to 2 ports? Port 80 is the IIS website for TSWEB (Remote Desktop Web Connection). Currently I have the traffic forwarded to 3389 and Remote Desktop works fine through the firewall, but I'd like to use TSWEB.



Accepted Solution

dpk_wal earned 500 total points
ID: 22660722
Yes, you can forward two ports, 5000 and 80 to 3389 and port 80 respectively; but port 80 can be forwarded only for If you wish to forward port to more than one machine, then you would need to configure different port for the webserver as well.

You would need two services, one for each port, because we need internal port redirection.

So assuming that you have 5000 and 80 port; and 5001 for .2 and 5003 for .3; then the services needed would be:
service-1 for port 5000; getting redirected to on port 3389
service-2 for port 80; getting redirected to on port 80
service-3 for port 5001; getting redirected to on port 3389
service-4 for port 5002; getting redirected to on port 3389

Thank you.
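
The service list in the accepted answer, written as a forwarding plan that can be checked before it is entered in Policy Manager. This is an added example, not part of the original answer; the host names pc1 to pc3 and the external ports 8081 and 8082 are constructed placeholders, and it assumes a single public IP as in the question.

```python
from collections import defaultdict

# Constructed plan: (service, external TCP port, internal host, internal port).
# pc1..pc3 are placeholder names; the thread does not show the internal IPs.
PLAN = [
    ("service-1", 5000, "pc1", 3389),
    ("service-2", 80, "pc1", 80),
    ("service-3", 5001, "pc2", 3389),
    ("service-4", 5002, "pc3", 3389),
]


def check_plan(plan):
    """Return (conflicts, missing_web) for a single-public-IP forwarding plan.

    conflicts: external ports claimed by more than one internal target.
    missing_web: hosts with an RDP (3389) forward but no forward to their
    port 80 TSWEB page.
    """
    targets = defaultdict(set)
    rdp_hosts, web_hosts = set(), set()
    for service, ext_port, host, int_port in plan:
        for port in (ext_port, int_port):
            if not 0 < port < 65536:
                raise ValueError(f"{service}: invalid TCP port {port}")
        targets[ext_port].add((host, int_port))
        if int_port == 3389:
            rdp_hosts.add(host)
        elif int_port == 80:
            web_hosts.add(host)
    conflicts = {p: sorted(t) for p, t in targets.items() if len(t) > 1}
    return conflicts, sorted(rdp_hosts - web_hosts)


# Reusing external port 80 for a second machine collides with service-2.
COLLIDING = PLAN + [("service-5", 80, "pc2", 80)]
# Giving each extra web page its own external port (8081, 8082: constructed).
DISTINCT = PLAN + [("service-5", 8081, "pc2", 80), ("service-6", 8082, "pc3", 80)]

if __name__ == "__main__":
    for label, plan in (("as posted", PLAN), ("colliding", COLLIDING),
                        ("distinct", DISTINCT)):
        print(label, check_plan(plan))
```

The plan as posted reports pc2 and pc3 as having RDP forwards but no web forward, which matches the answer's point that each additional machine needs its own external port for the web page.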
