Port Forwarding Windows Server
To use Parallels Remote Application Server (RAS) on Windows Server 2008 R2 with Windows Firewall enabled, a group of ports must be opened for the services to communicate. The figure below shows the ports in use by Parallels RAS Software to communicate between Parallels RAS Services on different machines:
Figure 1 – please click to enlarge
Note: In Figure 1, the “>” implies direction, so that if Server A is connecting to Server B, it will show “A > B”.
There are two ways to open ports in Windows 2008 R2: either using the MMC or by using the command line. To open a port in the firewall using the GUI, please do the following:
- Open Port TCP 20002 on a Windows Server 2008 R2.
- Logon using an administrator account.
- Click Start and type “Firewall Advanced” in the Search box, or choose Start > Administrative Tools > Windows Firewall with Advanced Security.
- If you use the search box, a list containing “Windows Firewall with Advanced Security” will appear; click on “Windows Firewall with Advanced Security” and the MMC will appear (Figure 2)
Figure 2 – please click to enlarge
By default, the Windows Firewall will be enabled, and the following rules established: “Inbound Connections that do not match a rule are blocked, ” and “Outbound connections that do not match a rule are allowed.”
Since the firewall configuration is already set to allow all outgoing connections, ports to be opened must be configured using the “Inbound Rules” option, by clicking on Inbound Rules on the left of the MMC (Figure 3), and click New Rule from the Right of the MMC (Figure 4).
Figure 3 – please click to enlarge
Figure 4 – please click to enlarge
The resulting wizard has five steps: Rule Type, Program/Protocol and Ports, Action, Profile and Name.
In the Rule Type section, select Port and click Next.
In the Protocol and Ports section, select the type of port (ex: TCP or UDP), using Figure 1.
Select the specific local ports and enter the port you wish to open, according to your scenario setup and Figure 1 (ex: Port 20002); then click Next.
In the Action section, select Allow the Connection, and click Next.
In the Profile section, make all three selections and click Next. If you wish to limit the connection to a particular profile, you can do so by selecting only the profiles you think are appropriate to your setup. As this section is somewhat unclear, it may be best to leave the port open in all profiles.
In the Name section, enter “Port number 20002”. You may change the 20002 to the port number you entered in the “Specific local ports” section. Include a description of the port, and why the selected port was opened (Ex: “Port in use by RAS to connect to RAS Publishing Agent”). Then click Finish.