Using different ports for Remote Desktop

I'm trying to use other ports other than 3389 for remote desktop.

My plan is it use wan ip xx.xx.xxx.xxx:4000-xxxx for my other remote desktop users.
SecurityResourcesIncAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KirrilianCommented:
You can set this in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

http://support.microsoft.com/kb/187623
KirrilianCommented:
As a side note, it is a pain to set this on the client's side, you can send them out the connection file or have them connect using command line switches.
jazzIIIloveCommented:
Hi there;

 WARNING: The Remote Assistance feature in Windows XP may not work properly if you change the listening port. To change the port that Remote Desktop listens on:
1) Start Registry Editor (Regedt32.exe).
2) Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
3) On the Edit menu, click Modify, click Decimal, type the new port number, and then click OK.
4) Quit Registry Editor.

NOTE: When you try to connect to this computer by using the Remote Desktop connection, you must type the new port.

You need to add this to the default.rdp file for the XP terminal client... Add this line anywhere in the file.
server port:i:your port number
ie server port:i:4000

Best Regards

Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

SecurityResourcesIncAuthor Commented:
Thank you for the quick responds

I was more looking for a Firewall soultion rather than configuring clients registry.
jazzIIIloveCommented:
KirrilianCommented:
The registry entry was for the TS server, not the clients, my second post shows how to get the clients to connect.

You can set your firewall to port forward from an off port such as 4000 to 3389 on your TS server. You didn't state that in your question... ;)

I do this as well, the whole security by obscurity thing but your clients will still have to change the port they connect to.
SecurityResourcesIncAuthor Commented:
not quite.

I have a Sonicwall Pro 2040 Enhanced.

I've been able to create a service called Remote Desktop that uses port 3389 and it works as planned.

My goal is to use the same WAN IP address as programed above but to use port 4000. I believe this is called port forwarding. However, I'm slightly confused and the sonicwall Pdf isn't helping.

http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf

any ideas?
jazzIIIloveCommented:
It would be better to state that in the question too...I missed the tags...Though, i learned to change now...lol
KirrilianCommented:
Try this one instead and substitute the ports you want to use rather than the VPN ports they are using.

http://www.sonicwall.com/downloads/Running_NetExtender_on_a_Different_TCP_Port.pdf
jazzIIIloveCommented:
SecurityResourcesIncAuthor Commented:
I had a collogue help me out.

Here was my problem I kept using the wizard to make my other remote desktop users. The key is once the remote desktop service is created theres no need to recreate it which is what I kept doing.

Also, what was throwing me off is that in the wizard it creates a private ip which is not necessary.

This is what we came up with.

1.      Create an Address Object allowing a WAN IP/ External IP to access the Firewall.
a.      Network > Address Object > Click Add button.
b.      Name: WAN IP/ External IP Access
c.      Zone Assignment: Host
d.      Type : Wan
e.      IP Address: Whatever your External IP Address is.
f.      Click OK
What youve done here is create a way for you to access this firewall from outside the network.

2.      Next, create your custom port.
a.      Go to Firewall > Services, put a bullet for Custom Services this will make it easier to see.
b.      Scroll down to the Services area and click on the Add button.
c.      From here is where you:
i.      Name the port that you are opening and assign what port to be open.
ii.      Protocol: for Remote Desktop is TCP (6)
iii.      Port Range: For me I wanted my Remote Desktop users to start Using 9000. So the port Range is 9000-9000.
iv.      And Sub Type I left alone. Then click OK.
3.      To keep things organized we added Services to a Services Group
a.      Click Add Group ex. Remote Desktop; for us since we had more than Remote Desktop users we called it External Ports.
b.      Then select your newly created Service from the left column and put it on the right by highlighting and then using the arrow button.
c.      Then click OK
4.      Next we went to Network > Address Object; place a bullet in Custom Address Objects.
a.      Click the Add Button
b.      Name: Username PC
c.      Zone Assignment: LAN
d.      Type: Host
e.      IP Address: Enter local IP address of computer or machine ex. 192.168.1.100
f.      Click OK
5.      Now, below Address Objects select NAT Policies ; place a bullet in Custom Policies. This is what binds the Outside IP address to the local IP address using your custom port.
a.      Original Source: Any (any request from the outside coming to the firewall)
b.      Translated: Original (keep the request the same, say if you want to enter through port 3389)
c.      Original Destination: Public IP Address (WAN IP/ External IP)
d.      Translates: Username PC (Custom Address Objects)
e.      Original Service: created Port 9000
f.      Translated: Remotes Desktop
g.      Interface Inbound: Any
h.      Interface Outbound: Any
i.      Click ok.

I hope this helps anyone who's had any confusion from reading, http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf , Standard is pages 2 to the top of 3. For me I had enhanced which started on page 3-7.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.