Last updated on June 1, 2021
How to configure RDP TCP Port and UDP Port requirements
Windows Firewall is used to enhance the system security, allowing or blocking inbound and outbound network traffic. Due to security reasons, and as a best practice recommendation, the firewall configuration becomes even much more important when the servers are exposed to external accesses.
The RAS Secure Client Gateway ensures security by tunneling all Parallels RAS data through a single port. This article will explain how to create the RDP TCP and UDP firewall rules for the Parallels® Remote Application Server (RAS) Secure Client Gateway.
There are some benefits that RDP UDP offers over RDP TCP:
- Improved network connectivity performance specially on wireless and wide area networks (WANs)
- Allows sharing of network resources with other users
- Forward error correction (FEC) logic recovers random packet losses
- Overcomes the inefficacies of RDP TCP such as high latency, high packet loss rates and queueing delays
- Improves the overall user experience
Steps to configure external access
The following table lists the ports used by RAS Secure Client Gateway for external accesses:
| Protocols | Ports | Description |
| TCP, UDP | 80,443 | Management and user session connections |
| TCP, UDP | 3389 | Used by RAS Secure Client Gateway in Normal mode and used for user session if RDP Load Balancing is enabled. |
| TCP, UDP | 20009 | Optional – If Client Manager is enabled |
Windows Firewall allows, by default, all outgoing connections, hence, only ports for incoming connections should be opened as explained below.
- Logged in as an Administrator, navigate to Control Panel \ All Control Panel Items \ Windows Firewall and click on Advanced settings.
- Select Inbound Rules in the left panel, and then click on New Rule in the right panel.
- Select Port and click Next.
- Select TCP, enter “80,443,3389,20009” in the Specific local ports field and click Next.
- Select Allow the connection and click Next.
- Select all three options, Domain, Private, and Public, and click Next. If due to the setup conditions, the connection needs to be applied only to certain network profiles, choose the appropriate ones.
- Enter a Name and a Description (optional) and click Finish.
- Repeat all these steps for UDP connections, choosing UDP in the Protocols and Ports screen (step 4) and enter a different Name to identify the new rule (step 7).
Once you have configured the firewall for the Secure Client Gateway, it is recommended to also enable and configure it for the rest of the Parallels RAS components. The complete set of ports used by each component can be found in the following article Firewall requirements for Parallels RAS.
Supported operating systems
RAS Secure Client Gateway is supported on the following operating systems:
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016 Server Core and Desktop Experience installations
- Windows Server 2019 Server Core and Desktop Experience installations
Related How-To
How Parallels RAS helps businesses to be PCI DSS Compliant
How to Enable Your Team to Access What They Need, Anywhere, Anytime
Windows Server 2008 R2 onwards Firewall Configuration for Parallels RAS
If you have any questions, please get in touch.
Get started with your 30-day free trial of Parallel RAS.
