What is RDP Shortpath?

Remote Desktop Protocol (RDP) by default uses a TCP-based reverse connect transport as it provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. However, if RDP Shortpath can be used instead, this UDP-based transport offers better connection reliability and more consistent latency.

Shortpath over Public networks

Overview

UDP is enabled by default. The client and the AVD host must both be allowed to use UDP.

Network configuration

Details can be found here: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=public-networks#session-host-virtual-network#

Session host virtual network

| Name | Source | Source Port | Destination | Destination Port | Protocol | Action |
|---|---|---|---|---|---|---|
| RDP Shortpath Server Endpoint | VM subnet | Any | Any | 1024-65535 (default 49152-65535) | UDP | Allow |
| STUN/TURN UDP | VM subnet | Any | 20.202.0.0/16 | 3478 | UDP | Allow |
| STUN/TURN TCP | VM subnet | Any | 20.202.0.0/16 | 443 | TCP | Allow |

Client network

| Name | Source | Source Port | Destination | Destination Port | Protocol | Action |
|---|---|---|---|---|---|---|
| RDP Shortpath Server Endpoint | Client network | Any | Public IP addresses assigned to NAT Gateway or Azure Firewall (provided by the STUN endpoint) | 1024-65535 (default 49152-65535) | UDP | Allow |
| STUN/TURN UDP | Client network | Any | 20.202.0.0/16 | 3478 | UDP | Allow |
| STUN/TURN TCP | Client network | Any | 20.202.0.0/16 | 443 | TCP | Allow |

Result

Shortpath Managed networks

For managed networks you can also establish a direct connection from your end device to the session host via ExpressRoute or a site-to-site VPN.

To enable this you need to do the following:

  1. Enable Shortpath on the session host

ADMX files can be downloaded here: https://aka.ms/avdgpo

  2. Windows Firewall – allow port 3390

    New-NetFirewallRule -DisplayName 'Remote Desktop - RDP Shortpath (UDP-In)' -Action Allow -Description 'Inbound rule for the Remote Desktop service to allow RDP Shortpath traffic. [UDP 3390]' -Group '@FirewallAPI.dll,-28752' -Name 'RemoteDesktop-UserMode-In-RDPShortpath-UDP' -PolicyStore PersistentStore -Profile Domain, Private -Service TermService -Protocol UDP -LocalPort 3390 -Program '%SystemRoot%\system32\svchost.exe' -Enabled:True

  3. Set the group policy setting on clients

Result
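
A check to run on the session host after steps 1 and 2, added here as an example (not part of the original post or of Microsoft's tooling): it confirms that the firewall rule created above is enabled and still scoped to UDP 3390, the Domain/Private profiles and TermService, and that the Remote Desktop service is actually listening on that port. The function name Test-ShortpathHost is hypothetical; the rule name and port are the ones used in the command above.

```powershell
# Added example: verifies the firewall rule from step 2 and the Shortpath UDP listener.
# Test-ShortpathHost is a hypothetical helper name; run it elevated on the session host.
function Test-ShortpathHost {
    param(
        [string]$RuleName = 'RemoteDesktop-UserMode-In-RDPShortpath-UDP',  # -Name used above
        [int]$Port = 3390
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    $rule = Get-NetFirewallRule -Name $RuleName -PolicyStore PersistentStore -ErrorAction SilentlyContinue
    if (-not $rule) {
        $findings.Add("Firewall rule '$RuleName' is missing")
    } else {
        $portFilter = $rule | Get-NetFirewallPortFilter
        $svcFilter  = $rule | Get-NetFirewallServiceFilter

        if ("$($rule.Enabled)" -ne 'True')      { $findings.Add('Rule exists but is disabled') }
        if ("$($rule.Action)" -ne 'Allow')      { $findings.Add('Rule action is not Allow') }
        if ("$($rule.Direction)" -ne 'Inbound') { $findings.Add('Rule is not an inbound rule') }
        if ("$($portFilter.Protocol)" -ne 'UDP' -or "$($portFilter.LocalPort)" -ne "$Port") {
            $findings.Add("Rule does not match UDP $Port")
        }
        # The rule above is limited to Domain and Private; Public or Any widens exposure.
        if ("$($rule.Profile)" -match 'Public|Any') {
            $findings.Add("Rule also applies to profile(s): $($rule.Profile)")
        }
        # The service filter keeps other svchost-hosted services from using this rule.
        if ("$($svcFilter.Service)" -ne 'TermService') {
            $findings.Add("Rule is not restricted to TermService (found '$($svcFilter.Service)')")
        }
    }

    # The UDP listener on the Shortpath port should be owned by the Remote Desktop service.
    $svc      = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermService'"
    $listener = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $listener) {
        $findings.Add("Nothing is listening on UDP $Port (Shortpath not enabled on the host?)")
    } elseif ($listener.OwningProcess -notcontains $svc.ProcessId) {
        $findings.Add("UDP $Port is bound by a process other than TermService")
    }

    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

Test-ShortpathHost | Format-List
```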