Solved

Networking: RDP and Port # 3389

Posted on 2013-01-14
Last Modified: 2013-01-15
Hi,

This is related to remote desktop between Main Office and Branch Office. To do it, we can use the following software:
- LogMeIn.com
- TeamViewer.com
- GotoAssist
- Cisco WebEX
- VNC
- Remote Assistance (Microsoft)

There are firewalls, both at Main Office and Branch Office.

My question: What should the Network Administrator do related to Port # 3389? Would you explain a little bit of it, please?

Thank you

tjie
0
Question by:tjie
5 Comments
 
LVL 95

Accepted Solution

by:
John Hurst earned 200 total points
ID: 38775771
Port 3389 is for direct access in. I don't think you need to enable it for LogMeIn, WebEx, Remote Assistance. These tools use authentication at both ends and so should not need that port open. I think you should just leave it closed. I do not use the other ones.

... Thinkpads_User
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 200 total points
ID: 38775870
LogMeIn, WebEx, GoToMyPC, etc. all use outbound connections, not inbound, so the network administrator only needs to make sure not to block outbound traffic from the machine in question.

For Remote Desktop (and Remote Assistance, for that matter) the Network Admin will have to allow port 3389 into the machine from outside. He/she will need to set up a firewall rule to allow the traffic through (i.e. open the port), as well as (likely) a static NAT pointing the 3389 traffic to the internal IP address of that machine.
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 100 total points
ID: 38775874
Thinkpads is right.

For 3389, you would likely need to set up a firewall and NAT rule for each PC that needs direct access. This can chew up a lot of IPs and admin time. Most customers that require this end up building a terminal server so that outside users connect to one server, and RDP from there to any other inside devices.

I can't say for sure on remote assistance as I've never actually used that, but for applications like LogMeIn, WebEx, Team Viewer, Join.Me, etc., they all make connections to the outside world to register. This registration creates an active session on the firewall since it started from inside the network. Assuming the firewall wasn't configured to specifically block this connection, you will be able to connect in to that device using the active session. The application servers in the outside world act as a proxy to allow the use of an existing session so you don't need to worry about a giant security hole with these apps.
0
 

Author Comment

by:tjie
ID: 38776539
Hi all,

Per the above explanation ...

I agree with thinkpads that the network administrator should NOT do anything related to port # 3389 (whether it is open or closed) to use LogMeIn, VNC, etc.

Please post it back if you do not agree

Thank you

tjie
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 200 total points
ID: 38776791
That's correct, regarding port 3389. None of those have to do with 3389 - which is only RDP, and which would require the inbound connection, per above. However, you mention VNC. VNC is not in the same category as LogMeIn, Citrix, etc. VNC is an inbound service. It doesn't start a connection with an external site, like those others. So it would require inbound NAT and firewall rules to make it available from the outside. I believe the standard port for VNC is 5900, not 3389.
0
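
The inbound/outbound distinction discussed in the answers above, as an added example that is not part of the original thread: a toy model of a stateful firewall with static NAT, showing why broker-style tools work with 3389 closed while RDP and VNC need an inbound rule plus a NAT mapping. The `Firewall` class, the IP addresses (documentation ranges), the broker port 443 and the client ports are constructed assumptions, and source ports are assumed to be preserved by NAT.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy stateful firewall for one office (illustrative, not a real product API)."""
    allow_in: set = field(default_factory=set)   # public ports opened by an inbound rule
    nat: dict = field(default_factory=dict)      # public port -> (internal IP, port)
    sessions: set = field(default_factory=set)   # flows started from inside

    def outbound(self, in_ip, in_port, out_ip, out_port):
        # An inside host connects out; the firewall remembers the flow.
        self.sessions.add((in_ip, in_port, out_ip, out_port))

    def inbound(self, src_ip, src_port, public_port):
        # 1. Return traffic on a flow an inside host opened is accepted.
        for in_ip, in_port, out_ip, out_port in self.sessions:
            if (out_ip, out_port, in_port) == (src_ip, src_port, public_port):
                return f"ALLOW (established) -> {in_ip}:{in_port}"
        # 2. A new inbound connection needs a firewall rule AND a NAT target.
        if public_port not in self.allow_in:
            return "DROP (no inbound rule)"
        if public_port not in self.nat:
            return "DROP (no NAT mapping)"
        ip, port = self.nat[public_port]
        return f"ALLOW (new) -> {ip}:{port}"

def demo():
    fw, pc = Firewall(), "10.0.0.25"             # branch firewall, branch PC
    main_office, broker = "203.0.113.10", "198.51.100.7"
    r = {}
    # RDP and VNC are inbound services: dropped on a default-closed firewall.
    r["rdp_default"] = fw.inbound(main_office, 50000, 3389)
    r["vnc_default"] = fw.inbound(main_office, 50001, 5900)
    # A broker-style agent registers outbound; the broker then relays
    # the remote session back over that same flow.
    fw.outbound(pc, 40001, broker, 443)
    r["broker_reply"] = fw.inbound(broker, 443, 40001)
    # Opening the port without a NAT mapping is still not enough.
    fw.allow_in.add(3389)
    r["rdp_rule_only"] = fw.inbound(main_office, 50000, 3389)
    fw.nat[3389] = (pc, 3389)
    r["rdp_opened"] = fw.inbound(main_office, 50000, 3389)
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```
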

Question has a verified solution.