ElevenYu-MSFT asked JennyYan-MSFT answered

RD Gateway Firewall Setup Question
=================
Hello,
I was reviewing this Technet forum thread in addition to other articles, and from what I understand, I do not need to set up the firewall rules on my external firewall for my RD Gateway server as a terminal server (TCP port 3389), but only as a web server (TCP port 443 and possibly UDP port 3391).
"Firewall rules for the path between the external network and the perimeter network (Ports that need to be opened on the external firewall):
· Port TCP:443 should be opened for allowing HTTPS traffic from the client sitting on the Internet to the RD Gateway server in the perimeter network."
https://social.technet.microsoft.com/Forums/windows/en-US/a241a5be-e39d-4dfc-a513-e4f83c4dc906/rd-gateway-ports-and-certificates?forum=winserverTS


This article adds UDP port 3391 in addition to port 443:
https://blog.alschneiter.com/2015/10/28/rds-rd-gateway-ports/


Please clarify. Thank you,
Brian

TechNet forum original post link:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5ece1bf6-52d2-4761-970e-28a69fb0a964/rd-gateway-firewall-setup-question?forum=winserverTS

remote-desktop-services

1 Answer

JennyYan-MSFT answered

Welcome to our new Microsoft Q&A Platform.
Hi,
You could check the instructions from the official document:
For inbound external internet based traffic from RD Clients to the Gateway:
• TCP 443: HTTP (includes RPC over HTTP) over SSL - (configurable using RD Gateway Management console)
• UDP 3391: RDP/UDP (configurable using RD Gateway Management console) (NOTE: Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive" configured)
For internal traffic from the Gateway and the Internal Remote Desktop resources:
• TCP|UDP 3389: RDP (NOTE: Firewalls that have directional UDP analysis, such as TMG, require UDP "Send Receive" configured in the UDP protocol)
 
Reference link:
https://social.technet.microsoft.com/wiki/contents/articles/16164.rds-2012-which-ports-are-used-during-deployment.aspx
 
Thanks
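
The following is an added example, not part of the original answer or any Microsoft tooling: a small Python audit that compares a firewall rule list against the ports listed in the answer above and reports anything else that is allowed, such as TCP 3389 from the Internet to the gateway. The path labels and the rule tuple format are assumptions made for this example, and the sample rules are constructed.

```python
# Ports listed in the answer above, keyed by traffic path.
# The path labels are names chosen for this example.
EXPECTED = {
    "external->gateway": {("tcp", 443), ("udp", 3391)},
    "gateway->internal": {("tcp", 3389), ("udp", 3389)},
}

# Constructed sample rule set: (path, protocol, port, action).
SAMPLE_RULES = [
    ("external->gateway", "TCP", 443, "allow"),
    ("external->gateway", "TCP", 3389, "allow"),  # RDP published directly
    ("external->gateway", "UDP", 3391, "deny"),
    ("gateway->internal", "TCP", 3389, "allow"),
]


def audit(rules):
    """Return allowed flows that are not in the list, and listed flows not allowed."""
    allowed = {}
    for path, proto, port, action in rules:
        if action.lower() == "allow":
            allowed.setdefault(path, set()).add((proto.lower(), int(port)))

    unexpected, not_open = [], []
    for path in sorted(allowed):
        for proto, port in sorted(allowed[path] - EXPECTED.get(path, set())):
            unexpected.append((path, proto, port))
    for path, flows in EXPECTED.items():
        for proto, port in sorted(flows - allowed.get(path, set())):
            not_open.append((path, proto, port))
    return {"unexpected": unexpected, "not_open": not_open}


if __name__ == "__main__":
    result = audit(SAMPLE_RULES)
    for path, proto, port in result["unexpected"]:
        print(f"UNEXPECTED allow on {path}: {proto.upper()} {port}")
    for path, proto, port in result["not_open"]:
        print(f"listed but not allowed on {path}: {proto.upper()} {port}")
```

An allow rule on a path that is not in the list at all, for example straight from the external network to internal hosts, is also reported as unexpected.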

