Unable to connect to RD Gateway outside network

Hi, I have a single RDS, very small environment. I have RDSH and RD Gateway on the same box with a GoDaddy cert. AD domain name is a .local. When I connect to the RDS through the Gateway it works fine internally and I get my desktop; externally it does not connect at all. Nothing in the event log on the server. If I use RDWeb it works. My firewall is forwarding tcp:443. I don't have UDP Transport enabled; even when I did, I was forwarding UDP:3391 as per the RDS Gateway Manager. If I Wireshark my box I see connections from my WAN IP. The only errors I see are via the RD Client; this is just the usual "remote desktop can't connect", etc.

OS is Server 2012 R2

Any ideas?

Brian B, EE Topic Advisor, Independent Technology Professional, Commented:
Just to be clear, you are able to connect to RDWEB from outside your network? To me it sounds like a firewall issue.

Your firewall logs will give you more information as to the exact nature of the problem, but I would start by making sure the firewall allows all traffic between the outside and this specific server, then narrow it down from there.
Author Commented:
Hi Brian B, correct, I can connect to RDWeb from outside my network. I agree with what you said. I have in fact made sure I am on the latest firmware revision for my firewall (Watchguard XTM) and I also restarted it out of hours. I can see the traffic passing through on the firewall logs. I have disabled the Windows firewall also. I will look at your suggestion to enable all traffic. Thanks.
Author Commented:
Hi Brian B, it still did not connect. I will open a support case with Watchguard, just to be sure.

Any more ideas would be welcome. I am out of them.

Hi, enable UDP transport then check your Wireshark results between external and internal. Do you see the UDP traffic when connecting externally? Like Brian B said, it must be some difference being introduced by your Watchguard.
Go to my Bio and send me the Wireshark traces if you want?
OK thanks, the issue is your own firewall blocking this? You can see it in the trace....
Author Commented:
I've requested that this question be deleted for the following reason:

I don't understand.
Brian B, EE Topic Advisor, Independent Technology Professional, Commented:
Bob, I am going to object to closing the question because you previously agreed that you were given an answer. The issue was that you accepted "it breaks therefore I am"'s answer as the sole solution with no comment as to why. However I provided almost the same answer (that the issue is the firewall) before.

If you want to accept both answers, see the instructions provided by eenookami.

Author Commented:
Hi, you did not go into as much detail as the other guy. It was not the firewall where the RDS was; it was actually the firewall where the connection was coming from, and in fact after I spoke to Watchguard tech support based on his feedback it turns out to be a Fireware bug. The other issue is that I don't want to expose logs to the Internet, therefore it worked for me to not post them on a public forum.

This is a joke, I struggle to understand why this has been such an issue. Life is hard enough without going out looking for arguments, enjoy your T-Shirt I guess.
Brian B, EE Topic Advisor, Independent Technology Professional, Commented:
Thanks for taking the time to properly close the question.

FYI: Instead of sending me T-Shirts, I have opted for Experts-Exchange to donate money to charity on my behalf.