How to Allow a TCP Port 3389 on Windows Firewall

By Michelle Carvo

Updated October 04, 2017

Windows Firewall doesn't block outgoing ports, only incoming ports.
i Jupiterimages, Brand X Pictures/Brand X Pictures/Getty Images

A failed Windows Remote Desktop connection may mean that you need to "allow" the TCP port 3389 on your computer. You can easily allow this port on both Windows 8/10 and Windows 7 computers, but first understand the basics of what this port does and any security vulnerabilities.

Port 3389 Basics

TCP Port 3389 is used for the Windows Remote Desktop Protocol (RDP) and is also sometimes used by Windows Terminal Server. You may choose to allow or open this port in Windows Firewall to give another computer, either on the same network or another network, access to your computer. Opening the 3389 port is typically safe if you keep your computer updated with the latest Windows updates, although there is a vulnerability that exists with the RDP in which attackers can send a sequence of packets to this port and potentially access your computer. Outdated computers are especially vulnerable to this attack.

Allow Port 3389 in Windows 8/10

To allow the TCP 3389 port in Windows Firewall on Windows 8/10:

  1. Click the “Windows” button on your taskbar and then click “Settings.” Type “Control Panel” into the Windows Settings search bar and press the “Enter” key to open the Control Panel.
  2. Click the “System and Security” option and then click “Windows Firewall.” Click “Advanced Settings.”
  3. Click the “Inbound Rules” option on the sidebar of the Windows Firewall window and then click the “New Rule” option under the “Actions” sidebar.
  4. Click the “Port” option under “What type of rule would you like to create?” and then click “Next.”
  5. Click “TCP” for the port type and then click “Specific local ports.” Type in 3389 to the textbox next to “Specific local ports” and then click “Next.”
  6. Click “Allow the connection” and then click “Next.” Select all options for connection types (Public and Private networks) on the next screen regarding when to apply the rule, then click “Next” again.
  7. Type in a name for the rule such as "TCP 3389," then click “Finish” to allow the 3389 port in Windows Firewall.

Allow Port 3389 in Windows 7

To allow the TCP 3389 port in Windows Firewall on Windows 7:

  1. Click the “Start” button in the taskbar, then “Control Panel.” Click “Windows Firewall” to launch the firewall settings.
  2. Click the “Advanced settings” option in the sidebar of Windows Firewall.
  3. Click the “Inbound Rules” option in the sidebar and then click “New Rule.”
  4. Click “Port” for the rule type, then click “Next.” Click “TCP” to define what the rule applies to, then click “Specific local ports.” Type 3389 into the box next to “Specific local ports,” then “Next.”
  5. Click “Allow the connection” and then “Next.” Select all of the options for connection types (Public and Private networks) regarding when to apply the rule, then click “Next.”
  6. Type in a name for your rule and then click the “Finish” button to add the new rule to your computer. The 3389 port is now allowed on Windows Firewall in Windows 7.
×