• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 773
  • Last Modified:

RDP Port forwarding on Win 2008 server

We have a Windows 2008 Standard R2 server that we use for RDP.  It was originally set up by an external consultant.  He did port forwarding on our firewall so that you would have to enter another port number other than 3389 when accessing the server (ex remote.domain.com:12345).

We are upgrading our firewalls and this firewall does not want to play nice with the port forwarding.  Is there a way for me to do the port forwarding directly on the server instead of through the hardware firewall?

Thanks!
0
jmerulla
Asked:
jmerulla
1 Solution
 
Cliff GaliherCommented:
No there is not, and honestly, even port forwarding on the firewall is not a great solution.

If you are properly licensed and each connecting user has an RDS CAL, then you are already licensed to set up and use the RDGateway service. This is DESIGNED for this task. It will secure RDP sessions and proxy them via port 443, which almost every firewall in existence supports, no funky remapping required.
0
 
Jackie ManCommented:
Does your ISP give you a range of real IP address?

If yes, try the following:

You can assign a real IP to the NIC of the server, so that you can assess the server by:

   Real IP:443

But, it is not a good practice as it will be difficult to maintain security.

OR

You can buy a NAS with router features and assign a real IP to the NAS and put the NAS into the DMZ of your network. Then, port forward to the server 2008 R2 from the NAS.
0
 
jmerullaAuthor Commented:
The Cisco ASA firewall has NAT set up for the RDP server so when staff try to connect from outside to externalip:nonrdppport it forwards to internalip:3389.  We've noticed that if we try to use that server for anything else on the ASA we get warnings about the port forwarding.

We don’t have the external ip address set up on the NIC of the server because staff sometimes have t access the RDP server internally  (quick way to work if having computer issues).
0
 
NetfloCommented:
I agree with cgaliher, RDG is the best and secure way to go. You can configure it on the current RDS and need a single name certificate. You only need to map 443 TCP to the internal server. All other RDC icons will need to be updated to be aware of the gateway settings and away you go.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now