Remote Desktop to several PCs behind Firewall



I'm using XP Pro via internet through a Sonicwall TZ170 to access my Win 2000
server - this works fine. I want to allow users to remote in directly to
their desktop; I have set the listening port to 3388 on the PC and tried to
set up rules in Sonicwall but have had no luck hitting "ipaddress:3388" on the
LAN. Windows Firewall exceptions have been set and RDP has been allowed on the

How do I set up multiple TC/RDP access the way I want it?



Sooner Al [MVP]

This page has examples of one way to do that by opening multiple ports on a

A better way, IMO, is to use a VPN or Secure Shell (SSH) tunnel and run all
RDP traffic through the tunnel. Here is how I do that using SSH...


Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program -
This posting is provided "AS IS" with no warranties, and confers no


Apr 16, 2011
To set up multiple remote desktop clients using a Sonicwall TZ170 you must complete 4 steps in the Sonicwall and one step on the client machine.

First Sonicwall: (1) Make address objects of the client machine under the Network tab. This tells the Sonicwall what IP address a computer is on.

(2) Next create a service called whatever you want; I use the name remotedesktopport3395. The port number can be anything you want. I usually use numbers in the range of the default port number of 3389. Port numbers such as 3390, 3391, 3392. On the Sonicwall open the Firewall tab and then click on Services. Then at the bottom of the page click Add Service. Type in the name you want and select a port number and select the TCP(6) protocol. You have now created the service.

(3) Next create a NAT policy under the Network tab. This is the most confusing part. This is how I fill in the tabs: Original Source: Any. Translated Source: Original. Original Destination: WAN Primary IP. Translated Destination: The address object you created above. Original Service: The name of the service you created above. Translated Service: Original. Inbound interface: WAN. Outbound interface: Any. Also check the box to enable the NAT policy at the bottom of the window.

(4) Next create an Access rule from the WAN to the LAN under the Firewall tab and make the fields read as: Source: Any, Destination: WAN Primary IP, and the Service: the name of the service you created above.

Now for the client machine/computer. You must change the listening port of the remote desktop service. To do this follow the instructions located in Microsoft Knowledge Base Article Q306759 or use this link:

Now open the remote desktop and type in the computer name or IP address and attach the port number to the end of the IP address. Example: if your IP address was 123.987.654.321 and you used port 3395 then you would type in 123.987.654.321:3395 on the remote desktop connection application. Don't forget the colon!

I know it is confusing but I hope this helps someone. It took many hours of reading to find out how to do this. I currently have 8 people all using remote desktop from home to the office.
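
The client-machine step described above (moving the Remote Desktop listener off 3389 and letting the new port through the local firewall), as an added example that is not part of the original post or of the Knowledge Base article. It assumes a current Windows release with PowerShell and the built-in NetSecurity and NetTCPIP cmdlets rather than the XP-era tools in the thread; `Set-RdpListeningPort` is a hypothetical helper name and 3395 is the port used in the post.

```powershell
# Added example. Run from an elevated PowerShell prompt on the desktop itself.
# Restarting TermService drops any active Remote Desktop session, so run it
# from the console or expect to reconnect on the new port.
function Set-RdpListeningPort {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1025, 65535)]
        [int]$Port
    )

    # Standard location of the RDP listener port (REG_DWORD PortNumber).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $current = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    Write-Host "Current RDP listening port: $current"

    # Refuse a port that some other process is already listening on.
    $busy = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($busy -and $current -ne $Port) {
        throw "Port $Port is already in use by process id $($busy.OwningProcess)."
    }

    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord

    # The built-in Remote Desktop firewall rules only cover 3389, so the new
    # port needs its own inbound rule. Created once; reruns leave it alone.
    $ruleName = "Remote Desktop (TCP $Port)"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort $Port -Action Allow | Out-Null
    }

    # The listener only picks up the new port after the service restarts.
    Restart-Service -Name TermService -Force
    Start-Sleep -Seconds 5

    # Confirm the listener really moved before touching the firewall appliance.
    $listening = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    if (-not $listening) {
        throw "Nothing is listening on TCP $Port after the restart; check the registry value."
    }
    Write-Host "RDP is now listening on TCP $Port."
}

Set-RdpListeningPort -Port 3395
```

Checking the listener locally first separates a desktop-side problem from a NAT policy or access rule problem on the Sonicwall.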