Remote Desktop requires TCP port 3389 to be open. Also, opening UDP port 3389 enables acceleration since RDP 8.0.
It is possible to change the port used by the terminal server (or the PC which is accessed); see this Microsoft support article: How to change the listening port for Remote Desktop. The UDP port for accelerated connection uses the same port number as the TCP setting and cannot be changed separately.
UDP acceleration is available since RDP 8.0 (shipped with Windows 8 and Windows Server 2012, available via an update on Windows 7 / Windows Server 2008 R2).
If you don't want to use 3389 externally, open a different port externally, but point it to 3389 on the IP address of the machine you want RDC on. This is helpful for routing many systems with RDC. It's also nice because it won't require any registry edits.
The only exception to the previous answer (3389) is when using Small Business Server through Remote Web Workplace.
In this case the server NATs the connection between you and server port 80 (HTTP) or 443 (HTTPS), and then to the internal computer; so only 80/443 is required.
What ports should I open for remote desktop - Answer: None.
Opening RDC to the Internet is a BAD IDEA. Port scanners will pick up an open 3389 pretty quickly and try to break your logon.
https://www.grc.com/port_3389.htm
If security is a concern and you happen to have a Linux-based router (e.g. OpenWrt), then don't add any NAT entry for 3389 in this case.
Use your router as a jump server and create an SSH port forward.
Your router's sshd listens on port 22 for the LAN network.
It also listens on port A for the WAN network (the only one exposed), with only public-key authentication, so no brute-force password attempts.
Create a public/private key pair, put the private one on your client devices, and copy the public one onto your router (into the authorized_keys file).
Establish the tunnel from your client devices: `ssh -p [port A] -L:[port B]:RDP-box:3389 root@router` (you can save this in SSH config or Terminal profiles for ease of use in the future).
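The `-L` argument in the tunnel command above decides who can reach port B on the client: ssh(1) documents an empty bind address or `*` as "all interfaces" and `localhost` as local use only. As an added example (not part of the original answer), this shell check classifies a forward spec before it is saved into an SSH config; port 13389 stands in for port B and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example. Spec grammar from ssh(1): [bind_address:]port:host:hostport
# Assumes the destination host is a name or IPv4 address (no colons in it).

# Prints loopback | all-interfaces | specific-address | gatewayports-default
forward_bind_scope() {
    spec=$1
    case $spec in                      # bracketed IPv6 bind addresses first
        \[::1\]:*) echo loopback; return 0 ;;
        \[::\]:*)  echo all-interfaces; return 0 ;;
        \[*\]:*)   echo specific-address; return 0 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f        # split on ':' without globbing '*'
    set -- $spec
    set +f; IFS=$old_ifs
    case $# in
        3) bind=;   port=$1 ;;         # port:host:hostport
        4) bind=$1; port=$2 ;;         # bind:port:host:hostport
        *) echo invalid; return 1 ;;
    esac
    case $port in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo invalid; return 1; }
    # No bind address: ssh follows its GatewayPorts setting (loopback by default)
    [ $# -eq 3 ] && { echo gatewayports-default; return 0; }
    case $bind in
        ''|'*'|0.0.0.0)  echo all-interfaces ;;   # reachable from other hosts
        localhost|127.*) echo loopback ;;
        *)               echo specific-address ;;
    esac
}

# Accept only forwards whose local end stays on the client itself.
safe_forward() {
    scope=$(forward_bind_scope "$1") || { echo "reject: malformed spec $1"; return 2; }
    case $scope in
        loopback)             echo "ok: $1" ;;
        gatewayports-default) echo "ok unless GatewayPorts is enabled: $1" ;;
        *)                    echo "reject: $1 listens on $scope"; return 1 ;;
    esac
}

# Constructed sample specs (13389 is a placeholder for port B).
for s in ":13389:RDP-box:3389" "13389:RDP-box:3389" "127.0.0.1:13389:RDP-box:3389"; do
    safe_forward "$s" || true
done
```

A spec that passes can be used as `-L 127.0.0.1:13389:RDP-box:3389`, after which the RDP client connects to `127.0.0.1:13389`.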
In addition to opening port 3389 for UDP and TCP, I had to go edit the Windows Firewall rule and set Edge traversal to allow. Like this:
You should open TCP and UDP 3389 (unless you specified a custom port).
While the accepted answer (only TCP 3389) used to be correct at the time, it is no longer up to date. In 2012 Microsoft introduced UDP transport of RDP. Depending on your network this can drastically improve performance of your RDP session. See this link by Microsoft for a much more detailed explanation: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/RemoteFX-for-WAN-Overview-of-Intelligent-and-Adaptive-Transports/ba-p/247478
We can set custom RDP port numbers using the following path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
By default, Remote Desktop Protocol uses port 3389. However, you can change it to use a non-standard port.
Please refer to the following article for this.
https://manage.accuwebhosting.com/knowledgebase/933/How-to-change-the-default-RDP-Remote-Desktop-listening-port-on-your-Windows-VPS.html