how to allow RDP

How do I allow RDP through the firewall?
I have Windows 7 Pro.
I allowed mstsc.exe but that did not work.
I allowed port 3389 but that did not work.
Instructions I have found on the Internet have not worked.
Thanks in advance.

Bump.
I would rather not have to switch to another firewall over something this minor.
Nobody uses Windows Remote Desktop?!?

You could give TeamViewer (free version) a try; it works great both ways, and there is also the option for unattended access if the computer you connect to is set up for that.

If you like to use RDT, try and set Firewall Alerts to max as well as set Firewall to Custom Rules, and see what connection requests are fired when you initiate RDT. Once you jot those down, try to make rules so that you can allow the RDT connections. I am sure a site on the net, perhaps an M$ related one, can tell you what port and protocol are used for RDT. I might research this as it is always a good idea to know how to RDT with CFW.

Need more help, let me know.

Thanks.
What surprises me is there are no logs for me to look at.
That would be easiest … to check the logs for what is being blocked.
I see where logging can be turned on/off, but what good is that if I don’t know how to access them?

Ok, I will see if I can come up with something. Got several machines here and since this lies also in my interest I will see what sort of solution I can come up with. I can’t give a definite time as to when this might happen but I will try.

Setting firewall to CUSTOM RULES did nothing.
I even turned off DO NOT SHOW FIREWALL ALERTS and still nothing.
I am switching to another brand of firewall.
I’ll continue to monitor this post.

Did you try setting Security Settings - Firewall - Firewall Settings - Set alert frequency level to VERY HIGH as well as Set new on-screen alert timeout to 999?

To allow an INBOUND connection, you must start with a global rule.

If it can’t get past the firewall’s inbound connection check, nothing else you do in CIS will help.

  1. From the CIS GUI, click TASKS
  2. Click FIREWALL TASKS → OPEN ADVANCED SETTINGS
  3. In ADVANCED SETTINGS, click FIREWALL → GLOBAL RULES
  4. In the GLOBAL RULES window, click the arrow head at the bottom of the pane and select ADD
  5. Set up a rule with the following parameters:
    ACTION : ALLOW
    PROTOCOL : TCP or UDP
    DIRECTION : IN
    DESCRIPTION : Insert meaningful name here
    SOURCE ADDRESS : ANY (or your actual remote IP if known)
    DESTINATION ADDRESS : ANY (This is your PC)
    SOURCE PORT : ANY
    DESTINATION PORT : 3389
  6. Click OK
  7. Ensure that the new rule is ABOVE any existing BLOCK rules by using the UP/DOWN buttons
  8. Click OK

CIS should now be able to receive an incoming connection on port 3389.

NOTE : The above steps assume that you have already port forwarded port 3389 on your router to your PC. If this is not done, the incoming connection request will be blocked by your router before it even gets to your PC.

Hope this helps,
Ewen :)
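
An added example, not part of the original post and not Comodo's code: a small model of why step 7 matters and what narrowing SOURCE ADDRESS changes. It assumes global rules are checked top-down with the first match winning; `Rule`, `evaluate` and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "ALLOW" or "BLOCK"
    direction: str     # "IN" or "OUT"
    protocol: str      # "TCP", "UDP", "TCP or UDP", or "ANY"
    source: str        # CIDR such as "203.0.113.10/32", or "ANY"
    dest_port: object  # int, or "ANY"
    description: str = ""

def matches(rule, direction, protocol, src_ip, dest_port):
    """True when every field of the rule accepts this connection attempt."""
    if rule.direction != direction:
        return False
    if rule.protocol != "ANY" and protocol not in rule.protocol.split(" or "):
        return False
    if rule.dest_port not in ("ANY", dest_port):
        return False
    if rule.source != "ANY":
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)
    return True

def evaluate(rules, direction, protocol, src_ip, dest_port):
    """Assumed model: first matching rule decides; no match means BLOCK."""
    for rule in rules:
        if matches(rule, direction, protocol, src_ip, dest_port):
            return rule.action, rule.description
    return "BLOCK", "implicit default"

# Constructed rule sets (addresses are from the documentation ranges).
BLOCK_ALL_IN = Rule("BLOCK", "IN", "ANY", "ANY", "ANY", "block all inbound")
ALLOW_RDP_ANY = Rule("ALLOW", "IN", "TCP or UDP", "ANY", 3389, "RDP, any source")
ALLOW_RDP_ONE = Rule("ALLOW", "IN", "TCP or UDP", "203.0.113.10/32", 3389,
                     "RDP, known remote IP only")

WRONG_ORDER = [BLOCK_ALL_IN, ALLOW_RDP_ANY]   # ALLOW sits below the BLOCK
RIGHT_ORDER = [ALLOW_RDP_ANY, BLOCK_ALL_IN]   # step 7 applied
RESTRICTED = [ALLOW_RDP_ONE, BLOCK_ALL_IN]    # step 7 plus a specific source

if __name__ == "__main__":
    sets = {"wrong order": WRONG_ORDER, "right order": RIGHT_ORDER,
            "restricted": RESTRICTED}
    for name, rules in sets.items():
        for src in ("203.0.113.10", "198.51.100.77"):
            print(name, src, evaluate(rules, "IN", "TCP", src, 3389))
```

With the restricted set, only the known remote address reaches port 3389; every other source falls through to the block rule.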

I think you nailed it panic, great post, thank you! Will give this a try when doing RDP soon. Many thanks!

Perfect!
Works!
Thanks panic!

Glad to hear it worked for you.

The golden rule with any firewall/intrusion app is if you need to allow an inbound connection, you have to start with the outermost layer - the firewall itself. If you need to allow an outbound connection, you have to start with the innermost layer - application execution (in CIS’s case - Defense +).

Cheers,
Ewen :)

panic;

I tried your 8 step procedure with Comodo Firewall version 8 using my port number 3392. I am still not able to connect remotely. Do I also have to create a PortSet for port 3392?

Thanks.

G’day,

When you say “8 step procedure”, does that mean you didn’t spot the note under the 8 steps?

NOTE : The above steps assume that you have already port forwarded port 3389 on your router to your PC. If this is not done, the incoming connection request will be blocked by your router before it even gets to your PC.

The 8 step procedure is designed to deal with an inbound connection that has already made it past your router (and its firewall) and is wandering around your internal network looking for a system to connect to.

For your RDP request to make it past your router, you will need to “port forward” port 3392 on your router to the IP address allocated to your PC.

To be more precise, the 8 step procedure should actually be an 11 step procedure.

  1. Identify the IP address used on the PC you want to connect to
    From the command prompt, type “ipconfig” and look for the IP address allocated to your system

  2. Identify the public IP address assigned to your router by your ISP
    This is the IP address you will be connecting to when you are away from home

  3. Set up a port forwarding rule on your router, passing port 3392 to the IP address identified in step 1

  4 - 11. As per my original post

Steps 1 - 3 are needed to allow incoming RDP directed at port 3392 to be received by the router and then forwarded to the IP address specified in the router port forwarding rule.
Steps 4 - 11 allow the system running CIS to receive inbound traffic destined for port 3392.

Port forwarding may sound a bit ominous, but all it does is establish a rule that says (in a nutshell) “When I receive an inbound connection request on my public IP address for port 3392, allow the request inside the network and redirect it to the specified PC”. In effect a port forwarding rule makes your router act like a traffic cop, pushing specific traffic to specific systems on specific ports.

Given the wide variety of routers out there, generic answers on how to port forward just won’t cut it. The best online resource is www.portforward.com.

Hope this helps,
Ewen :)
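
An added example, not part of the original post: a single TCP connection check to run from three places (the PC itself, another machine on the LAN, and a machine outside the network), plus a helper that maps the three results to the layer that still needs attention. `probe_tcp`, `diagnose` and the result labels are hypothetical names chosen for this example.

```python
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Make one TCP connection attempt and classify the outcome.

    open        - something accepted the connection
    refused     - the host answered, but nothing is listening on the port
    filtered    - no answer before the timeout (a firewall or router dropped it)
    unreachable - any other network error (no route, bad address, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"

ADVICE = {
    "service": "Remote Desktop is not enabled or not listening on this port.",
    "pc-firewall": "Global rule on the PC is missing or sits below a BLOCK rule.",
    "router": "Port forward is missing or points at the wrong internal IP.",
    "ok": "Every layer passes the connection.",
}

def diagnose(results):
    """results maps vantage point ("pc", "lan", "internet") to a probe result.

    Checks run from the innermost layer outwards, so the first failure
    names the layer to fix before looking any further out.
    """
    for vantage, layer in (("pc", "service"), ("lan", "pc-firewall"),
                           ("internet", "router")):
        if results.get(vantage) != "open":
            return layer
    return "ok"

if __name__ == "__main__":
    # Usage: python probe.py <host> <port>; defaults to the local RDP port.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
    print(f"{host}:{port} -> {probe_tcp(host, port)}")
```

Run it against the internal IP from the PC and from the LAN, and against the router's public IP from outside, then pass the three results to `diagnose`.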

REALLY IMPORTANT NOTE I FORGOT TO ADD

To ensure your RDP connection is consistent and constant, it is highly recommended that the PC you want to connect to has a static IP address.

A static IP address will not change, therefore the port forwarding rule you set up will always point at the right system.

If you use DHCP (where your router automatically assigns a valid internal IP address to your system), each system on your network can get a different internal IP address every time it is turned on. Your port forwarding rule is set up for a specific IP address and your router doesn’t know nor care whether the specified IP address is currently assigned to the system that had that IP address when you set up the port forwarding rule.

Cheers,
Ewen :)

panic;

Thanks very much for your additional information. I really appreciate it.