
How to set up an RDP custom port and configure the firewall

Changing the default Remote Desktop Protocol (RDP) port can enhance security by making it more difficult for unauthorized users to locate and attempt attacks on your system. However, it's important to remember that this is just one layer of security and should be used in conjunction with other measures, especially a strong password.

Choose a New Port Number



Avoid Common Ports: Avoid well-known ports (0-1023) and registered ports (1024-49151). Choose a port in the dynamic/private range (49152-65535) to reduce the likelihood of conflicts.



Configuring the remote port



Start the registry editor. (Type regedit in the Search box.)


Navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp


Find PortNumber.



Click Edit > Modify, and then click Decimal.


Type the new port number, and then click OK.


Close the registry editor.

Setting Firewall Rules



Create an inbound port rule

This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port. To create an inbound port rule:

Open the Windows Firewall


In the navigation pane, select Inbound Rules


Select Action, and then select New rule


On the Rule Type page of the New Inbound Rule Wizard, select Custom, and then select Next

On the Program page, select All programs, and then select Next


On the Protocol and Ports page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either TCP or UDP. Because this is an incoming rule, you typically configure only the local port number. If you select another protocol, then only packets whose protocol field in the IP header matches this rule are permitted through the firewall. To select a protocol by its number, select Custom from the list, and then type the number in the Protocol number box. When you have configured the protocols and ports, select Next.


On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next


On the Action page, select Allow the connection, and then select Next


On the Profile page, select the network location types to which this rule applies, and then select Next


On the Name page, type a name and description for your rule, and then select Finish




Create an outbound port rule

By default, Windows Firewall allows all outbound network traffic, unless it matches a rule that prohibits the traffic. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. To create an outbound port rule:

Open the Windows Firewall


In the navigation pane, select Outbound Rules


Select Action, and then select New rule


On the Rule Type page of the New Outbound Rule wizard, select Custom, and then select Next


On the Program page, select All programs, and then select Next


On the Protocol and Ports page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either TCP or UDP. Because this rule is an outbound rule, you typically configure only the remote port number. If you select another protocol, then only packets whose protocol field in the IP header matches this rule are allowed by Windows Defender Firewall. Network traffic for protocols is allowed as long as other rules that match don't allow it. To select a protocol by its number, select Custom from the list, and then type the number in the Protocol number box. When you've configured the protocols and ports, select Next.


On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next


On the Action page, select Allow the connection, and then select Next


On the Profile page, select the network location types to which this rule applies, and then select Next


On the Name page, type a name and description for your rule, and then select Finish


Restart your server.
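
The registry change and the inbound rule from the steps above can also be applied from an elevated PowerShell prompt. The script below is an added example, not part of the original article. It checks that the port is in the recommended range and not already in use, and it creates the firewall rule before changing the port so the server stays reachable. The values of $NewPort and $AllowedFrom are constructed samples, and scoping the rule to a source subnet is an assumption that corresponds to the Scope page of the wizard.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the registry and inbound-firewall steps in one pass.
# $NewPort and $AllowedFrom are constructed sample values; replace them with your own.
$NewPort     = 54892               # sample port from the dynamic/private range
$AllowedFrom = '203.0.113.0/24'    # constructed admin subnet (documentation range)
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Keep the port inside the range the article recommends.
if ($NewPort -lt 49152 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 49152-65535."
}

# 2. Refuse a port that another service is already listening on.
$busy = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue
if ($busy) {
    throw "Port $NewPort is already in use by PID $($busy[0].OwningProcess)."
}

# 3. Create the inbound allow rules first, so the new port is reachable
#    as soon as RDP starts listening on it. RDP uses TCP and, optionally, UDP.
foreach ($proto in 'TCP', 'UDP') {
    $name = "RDP custom port $NewPort ($proto-In)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort $NewPort -RemoteAddress $AllowedFrom `
            -Profile Any | Out-Null
    }
}

# 4. Record the old port, then write the new one as a DWORD (decimal value).
$oldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord
Write-Host "PortNumber changed from $oldPort to $NewPort."

# 5. Read the value back before restarting the server.
$current = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
if ($current -ne $NewPort) { throw "Registry still shows port $current." }
Write-Host "Restart the server, then test from a client: Test-NetConnection <server-ip> -Port $NewPort"
```

The new port takes effect only after the restart, so keep the current session open until the script finishes without errors.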



Connecting to server after setting custom port

Open the Remote Desktop Protocol application.
Enter your IP address in the "Computer" field, followed by a colon and then the port number, for example:
192.168.1.1:54892




Updated on: 29/06/2024
