Huseyin Bilgen
Copper Contributor
Apr 19, 2017

Port Mapping on new Azure Portal

We needed to access one of our VMs via RDP from a customer location where RDP ports are restricted on the firewall. I searched the internet for a way to map the default RDP port 3389 to 443 so I can access the VM.

Everything shows the way on the Classical Portal, where there was a functionality called Endpoints. Endpoints allowed you to map internal and external ports differently.

Other resources show that doing it with Network Security Groups (NSG) is not possible.

So, if you're new to Azure and have started to use the Azure Portal, the only way to map ports is to use a Load Balancer.

 

1. Add a new Load Balancer. And then add a new inbound NAT rule

2. Configure the NAT to point to the VM you wish to connect to, and give 443 as the port number.

That's it!

  • Why would you want to map 443 (the SSL default) to 3389? What are you trying to achieve? I'm just curious; have you considered a Remote Desktop Gateway?
    • Huseyin Bilgen
      Copper Contributor

      Hi Kent,

       

      In general, this information can be used for any port. So 3389 is an example and can be adapted to any port mapping.

      The answer to your question is: suppose you need to connect to a system where a firewall prevents you from connecting to the default RDP port. So it is not possible to set up a Remote Desktop Gateway.

       

      Regards

      • Kent Gaardmand
        Steel Contributor

        Hi Huseyin

        The RDP gateway provides an encrypted tunnel via 443 from the end user to the RDP GW, and once in your internal network, port 3389 is used to connect to any machine you allowed on your internal network.

        Therefore you don't actually need to do port mapping.

        Anyway, just wanted to suggest an alternate solution to your specific problem; the RDP GW can also use MFA and provide you with a more secure solution.

        But nice contribution on showing port mapping in general.

        Kind regards

  • Ankit Dalal
    Copper Contributor

    Can you not just set the DNAT rule on the firewall?

     

     

    Configure a DNAT rule

    1. Open the RG-DNAT-Test, and click the FW-DNAT-test firewall. //example
    2. On the FW-DNAT-test page, under Settings, click Rules. //example
    3. Click Add DNAT rule collection.
    4. For Name, type RC-DNAT-01. //example
    5. For Priority, type 200. //example
    6. Under Rules, for Name, type RL-01. //example
    7. For Source Addresses, type *.
    8. For Destination Addresses type the firewall's public IP address.
    9. For Destination ports, type 443
    10. For Translated Address type the private IP address for the virtual machine.
    11. For Translated port, type 3389.
    12. Click Add.
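
An audit sketch for the mappings discussed in this thread, added here as an example and not written by any of the posters: it lists load balancer inbound NAT rules and firewall DNAT rules that publish a management port such as RDP on a different public port, and notes whether the DNAT source is unrestricted. The sample data is constructed, and its key and field names are assumptions modelled on Azure CLI JSON output.

```python
import json

# Constructed sample. The two top-level keys are hypothetical groupings;
# the per-rule field names are assumed to match Azure CLI JSON output.
SAMPLE = json.loads("""
{
  "lb_inbound_nat_rules": [
    {"name": "rdp-over-443", "protocol": "Tcp", "frontendPort": 443, "backendPort": 3389},
    {"name": "web", "protocol": "Tcp", "frontendPort": 443, "backendPort": 443}
  ],
  "firewall_dnat_rules": [
    {"name": "RL-01", "sourceAddresses": ["*"], "destinationPorts": ["443"],
     "translatedAddress": "10.0.0.4", "translatedPort": "3389"},
    {"name": "RL-02", "sourceAddresses": ["203.0.113.10"], "destinationPorts": ["443"],
     "translatedAddress": "10.0.0.5", "translatedPort": "3389"}
  ]
}
""")

# Ports whose exposure matters regardless of the public port in front of them.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM/TLS"}
ANY_SOURCE = {"*", "0.0.0.0/0"}

def audit(config):
    """Return (rule, service, public_port, note) for rules publishing a management port."""
    findings = []
    for rule in config.get("lb_inbound_nat_rules", []):
        service = MGMT_PORTS.get(int(rule["backendPort"]))
        if service:
            # An inbound NAT rule carries no source filter of its own, so the
            # NSG on the VM's NIC or subnet is what limits who can connect.
            findings.append((rule["name"], service, str(rule["frontendPort"]),
                             "check NSG source"))
    for rule in config.get("firewall_dnat_rules", []):
        service = MGMT_PORTS.get(int(rule["translatedPort"]))
        if service:
            open_source = any(s in ANY_SOURCE for s in rule["sourceAddresses"])
            note = "any source" if open_source else "restricted source"
            for port in rule["destinationPorts"]:
                findings.append((rule["name"], service, port, note))
    return findings

if __name__ == "__main__":
    for name, service, port, note in audit(SAMPLE):
        print(f"{name}: {service} published on public port {port} ({note})")
```

Matching on the backend or translated port rather than the public one is what lets the check see RDP published on 443, which a scan for an open 3389 at the edge would miss.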
