Solved

Networking: RDP and Port # 3389

Posted on 2013-01-14
5
840 Views
Last Modified: 2013-01-15
Hi,

This is related to remote desktop between Main Office and Branch Office. To do it, we can use the followings software:
- LogMeIn.com
- TeamViewer.com
- GotoAssist
- Cisco WebEX
- VNC
- Remote Assistance (Microsoft)

There are Firewalls, Both at Main Office and Branch Office.

My question: What should the Network Administator do related to Port # 3389? Would you explain a little bit of it please

Thank you

tjie
0
Comment
Question by:tjie
5 Comments
 
LVL 92

Accepted Solution

by:
John Hurst earned 200 total points
ID: 38775771
Port 3389 is for direct access in. I don't think you need to enable it for Logmein, WebEx, Remote Assistance. These tools use authentication at both ends and so should not need that port open. I think you should just leave it closed. I do not use the other ones.

... Thinkpads_User
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 200 total points
ID: 38775870
LogMeIn, WebEx, GoToMyPC, etc. all use outbound connections, not inbound, so the network administrator only needs to make sure not to block outbound traffic from the machine in question.

For Remote Desktop (and Remote Assistance, for that matter) the Network Admin will have to allow port 3389 into the machine from outside. He/she will need to set up a firewall rule to allow the traffic through (i.e. open the port), as well as (likely) a static NAT pointing the 3389 traffic to the internal IP address of that machine.
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 100 total points
ID: 38775874
Thinkpads is right.

For 3389, would likely need to setup a firewall and nat rule for each PC that needs direct access. This can chew up a lot of IP's and admin time. Most customers that require this end up building a terminal server so that outside users connect to one server, and RDP from there to any other inside devices.

I can't say for sure on remote assistance as I've never actually used that, but for applications like LogMeIn, WebEx, Team Viewer, Join.Me, etc., they all make connections to the outside world to register. This registration creates an active session on the firewall since it started from inside the network. Assuming the firewall wasn't configured to specifically block this connection, you will be able to connect in to that device using the active session. The application servers in the outside world act as a proxy to allow the use of an existing session so you don't need to worry about a giant security hole with these apps.
0
 

Author Comment

by:tjie
ID: 38776539
Hi all,

Per the above explanation ...

I agree with thinkpads that the network administrator should NOT do anything related to the port # 3389 (either it is open or close) to use LogMeIn, VNC, etc

Please post it back if you do not agree

Thank you

tjie
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 200 total points
ID: 38776791
That's correct, regarding port 3389. None of those have to do with 3389 - which is only RDP, and which would require the inbound connection, per above. However you mention VNC. VNC is not in the same category as LogMeIn, Citrix, etc. VNC is an inbound service. It doesn't start a connection with an external site, like those others. So it would require inbound NAT and firewall rules, to make it available from the outside. I believe the standard port for VNC is 5900, not 3389.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now