To use Parallels® Remote Application Server (RAS) on Windows Server 2008 R2, Windows Server 2012 R2, or Windows Server 2016 with Windows Firewall enabled, a number of ports must be opened for the Parallels RAS components to communicate.

List of TCP and UDP Ports That Parallels RAS Uses

The figure below shows the most common ports used by the Parallels RAS component to communicate when running on different machines:

Windows Server

Figure 1

Note: In Figure 1, the “>>” implies direction, so if Server A is connecting to Server B, it will show “A >> B”. Therefore, you should open the following ports for the Parallels RAS components to work:

  • Gateway
    • TCP Ports 80 and 443
    • UDP Port 20,000
  • Publishing Agent
    • TCP Ports 20,001, 20,002 and 20,003
  • TS Agent
    • TCP Port 30,004
    • UDP Port 30,004
  • VDS Agent
    • TCP Port 30,007
    • UDP Port 30,007

For a detailed and complete list of all the ports that the Parallels RAS components use to communicate to each other, please refer to the Port Reference section in the Parallels Remote Application Server Administrator’s Guide.

Start your Parallels RAS 30-days free trial today!  

Default Windows Server Firewall Configuration

The Windows Firewall is enabled by default on all profiles on a Windows Server operating system. The default configuration has the following rules:

  • Inbound connections that do not match a rule are blocked
  • Outbound connections that do not match a rule are allowed

Since the Windows Firewall configuration is already set to allow all outgoing connections, only ports for incoming connections must be opened. These must be configured in the “Inbound Rules,” as explained in the below procedures.

Configuring the Windows Firewall

There are three different ways to open ports in Windows Server 2008/2012 R2 and Windows Server 2016. You can do so by using either the MMC, the command line (netsh), or Powershell commands (just for 2012R2 and 2016).

Quick Links (link to the below sections)

Opening Ports on the Windows Firewall Using GUI

Opening Ports on the Windows Firewall Using Command Line (netsh)

Opening Ports on the Windows Firewall Using PowerShell

Opening Ports on the Windows Firewall Using GUI

To open a port in the firewall using the GUI in Windows Server 2008/2012 R2 and Windows Server 2016, follow the below steps:

  1. Login using an administrator account.
  2. Click Start > Administrative Tools > Windows Firewall with Advanced Security

Windows Server

Figure 2

  1. Click on Inbound Rules on the left of the MMC (Figure 3), and then on New Rule on the Right of the MMC (Figure 4).

Windows Server

Figure 3                                                                                Figure 4

The wizard to open a port and accept incoming connections has five steps: Rule Type, Protocol and Ports, Action, Profile, and Name. For this example, we will open TCP port 20002 on servers that are running the Parallels RAS Publishing Agents role:

  1. In the Rule Type section, select Port and click Next:
    Windows Server
  2. In the Protocol and Ports section, select TCP as the type of protocol and type 20002 in the Specific local ports input field:
    Windows Server
  3. In the Action section, select Allow the Connection and click Next.
    Windows Server 2008
  4. In the Profile section, select all three options and click Next. If you wish to limit the connection to a particular profile, you can do so by selecting only the profiles you think are appropriate to your setup. For this example, we will open the port on all profiles.

Windows Server

  1. In the Name section, enter a descriptive name for this rule. It is recommended to list the port number in the name, so the rule is easily recognizable. For example, name the new rule Pub_Agent_20002_IN. Click Finish when ready.Windows Server

To open additional ports, repeat the above procedure for each additional port and/or protocol you’d like to open in each server.

Opening Ports on the Windows Firewall Using Command Line (netsh)

To open a port on the Windows Firewall using the netsh command line, follow the below procedure:

  1. Login to the server using an administrator account.
  2. Run the Command Prompt as Administrator.
  3. Execute the following command to open the TCP port 20,002 on the servers running the Publishing Agents role:

Windows Server

Below is an explanation of the format of the netsh command:

Windows Server 2008

Note: By default, netsh opens the specified port on all profiles. If you want to specify a specific profile, use the profile parameter:

profile=public|private|domain

To open additional ports, repeat the above procedure for each additional port and/or protocol you’d like to open in each server.

Opening Ports on the Windows Firewall Using PowerShell

To open a port in the Windows Firewall using PowerShell commands, follow the below procedure (applies only for 2012 R2 and 2016 Windows Server OS):

  1. Logon using an administrator account.
  2. Run the Windows PowerShell as Administrator.
  3. Execute the following command to open the TCP port 20,002 on the servers running the Publishing Agents role:

Windows Server

Below is an explanation of the format of the New-NetFirewallRule PowerShell command:

Windows Server

Note: Default New-NetFirewallRule opens the specified port in all profiles. If you want to specify a specific profile, add the –Profile parameter to the command with one of the following options:

-Profile=public|private|domain

To open additional ports, repeat the above procedure for each additional port and/or protocol you’d like to open in each server.


References

Manage firewall settings

Add or Edit Firewall Rule

Opening Ports in the Firewall



Leave a Reply


Your email address will not be published. All fields are required.