USG40 and remote desktop

damianodec Posts: 42  Freshman Member
edited April 2021 in Security


I have 3 PCs and a server in my LAN, and a USG40 firewall.

All PCs are in the domain on the server.

I followed this guide step by step, using 3399 for the secondary port and using PC MYPC with IP

PC MYPC has Remote Desktop enabled and Windows Firewall disabled.

But nothing. I try inside the LAN from another PC using, but nothing.

Any help?

Thank you

All Replies

  • Hello,

    If you want to connect from the internet, you have to put your public IP.


  • damianodec
    damianodec Posts: 42  Freshman Member

    Hi Nico,

    yes, I have!

  • lalaland
    lalaland Posts: 74  Ally Member


    If you have 3 PCs in the LAN and you'd like to access RDP on the 3 PCs from the Internet, just follow the guide to configure NAT rules with port mapping and security policy rules.

    Ex: The default RDP port of the 3 PCs is 3389.




    Suppose the WAN IP of USG40 is and configure NAT port mapping for pc2 and pc3. Pc1 still uses port 3389 without port mapping.

    pc1: 3389 -> 3389

    pc2: 3390 -> 3389

    pc3: 3391 -> 3389

    Security policy rule:

    From WAN to LAN, destination: pc1, pc2 and pc3, service: 3389, allow.

    To access the 3 PCs by RDP from the Internet.




    To access the 3 PCs by RDP inside the LAN:




  • damianodec
    damianodec Posts: 42  Freshman Member

    Thank you, I'll try it.

  • RickyC
    RickyC Posts: 3
    Why expose 3389 to the internet?  I would think you could create a rule to allow traffic from 3390 and 3391, and let translation take care of it, but it does not work without exposing 3389 to internet.
  • PeterUK
    PeterUK Posts: 1,403  Guru Member

    A safer way to allow 3389 is from a source FQDN: the connecting client runs DDNS, and the USG updates the IP for it and allows RDP.

    Or you can NAT an external port like 3000 to internal 3389; then the client uses IP:3000 for RDP.
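
The port mapping and policy rule from lalaland's reply, together with the source restriction PeterUK suggests, modelled in Python as an added example (not from the thread and not Zyxel code). It assumes the security policy is matched after destination NAT, on the translated port, as the rule "service: 3389" and RickyC's observation imply; the addresses, host labels and function names are constructed.

```python
import ipaddress

# WAN port -> (LAN host, LAN port), as listed in the thread.
NAT = {3389: ("pc1", 3389), 3390: ("pc2", 3389), 3391: ("pc3", 3389)}
HOSTS = {"pc1", "pc2", "pc3"}

def rule(port, sources=None, dst=HOSTS):
    """One WAN-to-LAN allow rule; sources=None means any source address."""
    nets = None if sources is None else [ipaddress.ip_network(s) for s in sources]
    return {"dst": set(dst), "port": port, "src": nets}

def evaluate(src_ip, wan_port, policy, nat=NAT):
    """Return (verdict, host, port) for a new TCP connection arriving on WAN."""
    if wan_port not in nat:
        return ("drop: no NAT rule", None, None)
    host, port = nat[wan_port]  # DNAT first (assumed processing order)
    src = ipaddress.ip_address(src_ip)
    for r in policy:  # first matching rule wins
        if host in r["dst"] and port == r["port"]:
            if r["src"] is None or any(src in n for n in r["src"]):
                return ("allow", host, port)
    return ("deny: default policy", host, port)

# Policy as posted: service 3389, any source.
OPEN_POLICY = [rule(3389)]
# Policy written on the external port: never matches after translation.
EXTERNAL_PORT_POLICY = [rule(3390), rule(3391)]
# Source-restricted policy; the address stands in for the resolved client FQDN.
RESTRICTED_POLICY = [rule(3389, sources=["203.0.113.10/32"])]

if __name__ == "__main__":
    cases = [
        ("198.51.100.7", 3390, OPEN_POLICY),
        ("198.51.100.7", 3390, EXTERNAL_PORT_POLICY),
        ("198.51.100.7", 3392, OPEN_POLICY),
        ("198.51.100.7", 3391, RESTRICTED_POLICY),
        ("203.0.113.10", 3391, RESTRICTED_POLICY),
    ]
    for src, port, policy in cases:
        print(src, port, evaluate(src, port, policy))
```

With the policy as posted, every mapped WAN port answers to any source; only the source-restricted variant narrows who can reach the RDP listeners.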
