RDP Port forwarding on Win 2008 server

Posted on 2013-01-31
Medium Priority
Last Modified: 2013-02-07
We have a Windows 2008 Standard R2 server that we use for RDP. It was originally set up by an external consultant. He did port forwarding on our firewall so that you would have to enter another port number other than 3389 when accessing the server (e.g. remote.domain.com:12345).

We are upgrading our firewalls and this firewall does not want to play nice with the port forwarding.  Is there a way for me to do the port forwarding directly on the server instead of through the hardware firewall?

Question by: jmerulla
LVL 61

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 38842270
No, there is not, and honestly, even port forwarding on the firewall is not a great solution.

If you are properly licensed and each connecting user has an RDS CAL, then you are already licensed to set up and use the RDGateway service. This is DESIGNED for this task. It will secure RDP sessions and proxy them via port 443, which almost every firewall in existence supports, no funky remapping required.
LVL 53

Expert Comment

by: Jackie Man
ID: 38842906
Does your ISP give you a range of real IP addresses?

If yes, try the following:

You can assign a real IP to the NIC of the server, so that you can access the server by:

   Real IP:443

But, it is not a good practice as it will be difficult to maintain security.


You can buy a NAS with router features and assign a real IP to the NAS and put the NAS into the DMZ of your network. Then, port forward to the Server 2008 R2 from the NAS.

Author Comment

ID: 38844335
The Cisco ASA firewall has NAT set up for the RDP server so when staff try to connect from outside to externalip:nonrdpport it forwards to internalip:3389. We've noticed that if we try to use that server for anything else on the ASA we get warnings about the port forwarding.

We don’t have the external IP address set up on the NIC of the server because staff sometimes have to access the RDP server internally (quick way to work if having computer issues).
LVL 18

Expert Comment

ID: 38844675
I agree with cgaliher, RDG is the best and most secure way to go. You can configure it on the current RDS and need a single-name certificate. You only need to map 443 TCP to the internal server. All other RDC icons will need to be updated to be aware of the gateway settings and away you go.
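
The client-side step mentioned in the comment above (updating existing RDC shortcuts so they use the gateway), as an added example that is not part of the original thread. The function name `Set-RdpGateway`, the internal host name `rds01.corp.example` and the sample file are assumptions; `remote.domain.com` is the placeholder from the question.

```powershell
# Added example: rewrites a saved .rdp shortcut to go through an RD Gateway on 443
# instead of a forwarded non-standard port. All names here are hypothetical.
function Set-RdpGateway {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,            # .rdp file to rewrite
        [Parameter(Mandatory = $true)] [string] $GatewayHost,     # public name on the gateway certificate
        [Parameter(Mandatory = $true)] [string] $InternalTarget   # internal name of the RDS server
    )

    # Settings this function owns; existing copies in the file are dropped first.
    $managed = [ordered]@{
        'full address'              = "s:$InternalTarget"  # no custom port: the gateway reaches 3389 internally
        'gatewayhostname'           = "s:$GatewayHost"
        'gatewayusagemethod'        = 'i:2'  # use the gateway only if a direct connection fails (LAN users go direct)
        'gatewayprofileusagemethod' = 'i:1'  # use the explicit gateway settings in this file
        'promptcredentialonce'      = 'i:1'  # same credentials for gateway and server
    }

    # Keep every non-empty line whose setting name is not one we manage.
    $kept = Get-Content -LiteralPath $Path | Where-Object {
        $name = ($_ -split ':', 2)[0].Trim()
        $_.Trim() -ne '' -and -not $managed.Contains($name)
    }
    $new = foreach ($k in $managed.Keys) { "${k}:$($managed[$k])" }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
    # mstsc saves .rdp files as UTF-16 LE, so write them back the same way.
    Set-Content -LiteralPath $Path -Value (@($kept) + @($new)) -Encoding Unicode
}

# Constructed sample shortcut resembling the old port-forwarded one.
$sample = Join-Path $env:TEMP 'sample.rdp'
Set-Content -LiteralPath $sample -Encoding Unicode -Value @(
    'screen mode id:i:2',
    'full address:s:remote.domain.com:12345',
    'gatewayusagemethod:i:4'
)
Set-RdpGateway -Path $sample -GatewayHost 'remote.domain.com' -InternalTarget 'rds01.corp.example'
Get-Content -LiteralPath $sample   # shows the rewritten settings
```

Once every shortcut has been rewritten this way, the forwarded non-standard port can be closed on the firewall, leaving 443 TCP to the gateway as the only inbound rule.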


Question has a verified solution.
