Easily configure Remote Desktop Gateway firewall rules

When you install Remote Desktop Gateway which enables RDP to be encapsulated in HTTPS a number of firewall exceptions are required which are enabled automatically. This also means the RDG has a public and private IP address.

There are many other firewall exceptions that are normal for Windows functionality that by default are enabled for the Any profile which when you have a public IP address on a NIC means they are also enabled to the Internet. What you really need is for those exceptions to be bound to the domain profile, i.e. the internal NIC. This is easy to do with PowerShell. Firstly you can list all the exceptions that are enabled for Any.

This will list a lot of exceptions. Next we want to change them to a profile of Domain except for the two required for RDG, the RDG UDP and HTTPS rules. This can be done with the following:


Note, you could change the rules to be excluded for other requirements you may have for other types of server.

Leave a Reply