When you create a firewall rule and select a Transport Protocol, RDP means the Reliable Data Protocol, which is used to allow or block traffic for IP Protocol 27. For more information about RDP, see RFC 908.
If you want to create firewall rules to allow or block Microsoft Remote Desktop functions (default port is 3389), use the TCP protocol. Also, specify the ports in the Local service or Remote service section.
Don't specify port 3389 in both Local service and Remote service at the same time. Remote Desktop connections are typically made from high random ports (1024–65535) to port 3389. Whether port 3389 is the local or the remote port depends on whether the connection is being made to or from a local or remote host. Configure the firewall rule appropriately depending on the direction.
Typically, RDP connections work like this:
- RDP connections OUT: Local port 1024–65535 --> Remote port 3389
- RDP connections IN: Local port 3389 <-- Remote port 1024–65535
NOTE: When you define high random ports, 1024–65535 is typically used. However, you can leave the port value <blank>, which applies a 0–65535 port value.
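
The following added example (not part of the original article and not any product's rule format) models a rule as an IP protocol number plus local and remote port ranges, then checks several rule variants against two constructed Remote Desktop flows. The `Rule` and `Flow` classes, the rule names, and the sample port numbers are assumptions made for illustration.

```python
from dataclasses import dataclass

IP_PROTO_TCP = 6                  # IANA protocol number for TCP
IP_PROTO_RDP = 27                 # IANA protocol number for Reliable Data Protocol (RFC 908)
ANY_PORT = range(0, 65536)        # what a blank port field applies (0-65535)
HIGH_PORTS = range(1024, 65536)   # high random ports (1024-65535)

def port(n):
    """Range containing the single port n."""
    return range(n, n + 1)

@dataclass(frozen=True)
class Rule:                       # hypothetical rule model
    ip_proto: int
    local_ports: range = ANY_PORT
    remote_ports: range = ANY_PORT

@dataclass(frozen=True)
class Flow:                       # one connection, seen from the local host
    ip_proto: int
    local_port: int
    remote_port: int

def matches(rule, flow):
    """A rule applies only if protocol and both port fields agree with the flow."""
    return (rule.ip_proto == flow.ip_proto
            and flow.local_port in rule.local_ports
            and flow.remote_port in rule.remote_ports)

# Constructed sample flows; the high port numbers are arbitrary.
INBOUND = Flow(IP_PROTO_TCP, local_port=3389, remote_port=51514)
OUTBOUND = Flow(IP_PROTO_TCP, local_port=49822, remote_port=3389)

RULES = {
    "in_ok": Rule(IP_PROTO_TCP, port(3389), HIGH_PORTS),
    "out_ok": Rule(IP_PROTO_TCP, HIGH_PORTS, port(3389)),
    "both_3389": Rule(IP_PROTO_TCP, port(3389), port(3389)),  # never matches
    "proto_27": Rule(IP_PROTO_RDP, port(3389)),               # wrong protocol
    "in_blank_remote": Rule(IP_PROTO_TCP, port(3389)),        # remote left blank
}

def coverage():
    """Map rule name -> (matches inbound flow, matches outbound flow)."""
    return {name: (matches(r, INBOUND), matches(r, OUTBOUND))
            for name, r in RULES.items()}

if __name__ == "__main__":
    for name, (inbound, outbound) in coverage().items():
        print(f"{name:16} inbound={inbound!s:5} outbound={outbound}")
```

A rule with 3389 in both port fields, or one that uses IP Protocol 27, matches neither flow, so an allow or block rule written that way has no effect on Remote Desktop traffic.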