Allowing RDP sessions only through a specific interface on Server 2012R2


You have to use/configure Windows Firewall here. Simply modify the incoming RDP rules to allow connections only from the desired interface.
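One way to apply the rule change described in this answer, as an added example that is not part of the original answer. It assumes an English-locale server where the built-in rules sit in the "Remote Desktop" display group; the interface alias `Public` is a hypothetical name.

```powershell
#Requires -RunAsAdministrator
# Added example: scope the built-in inbound RDP rules to a single interface.
# 'Public' is a hypothetical alias; list the real ones with Get-NetAdapter.
param(
    [string]$RdpInterfaceAlias = 'Public'
)
$ErrorActionPreference = 'Stop'

# Fail early if the alias does not match an adapter on this host.
$adapter = Get-NetAdapter -Name $RdpInterfaceAlias

# Interface scoping only restricts anything when the firewall is enabled
# and traffic that matches no allow rule is dropped.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile '$($_.Name)' would not enforce the scoped rules." }

# Built-in inbound RDP rules (display group name assumes an English locale).
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' }
if (-not $rdpRules) { throw "No inbound rules found in the 'Remote Desktop' group." }

# Limit every RDP rule to the chosen interface.
$rdpRules | Set-NetFirewallRule -InterfaceAlias $adapter.Name

# Read the interface filter back to confirm what is now in effect.
$rdpRules | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Interface = ($_ | Get-NetFirewallInterfaceFilter).InterfaceAlias -join ','
    }
} | Format-Table -AutoSize

# Other enabled allow rules that explicitly name TCP/3389 would still admit
# RDP on the other adapter, so list them for review.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        $_.Enabled -eq 'True' -and $rdpRules.Name -notcontains $_.Name
    } |
    Select-Object DisplayName, DisplayGroup, Profile
```

Run it from the console or from an RDP session that arrives on the interface being kept, since a session on the other adapter loses access once the rules are scoped.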

Author by

Deprived.Writer

Updated on September 18, 2022

Comments

  • Deprived.Writer
    Deprived.Writer over 1 year

    I read a previous post on StackExchange in regards to this issue that I'm having. I have a server that uses 2 networks, a private network on a promiscuous port (it's able to talk to all of the isolated ports on the network, but the isolated ports cannot talk to each other) and the "public facing" network interface (even though it's only open to the LAN and some other devices). This server needs to be very secure in that only RDP sessions can be initiated on the public facing interface and not the private interface.

    How to set the network interface for RDP in Windows Server 2012?

    The problem that I'm having, however, comes after I've set the network adapter, as shown by the PowerShell results for querying the object:

    NetworkAdapterLanaID NetworkAdapterName
    -------------------- ------------------
                       2 vmxnet3 Ethernet Adapter
    

    The second adapter is actually the primary adapter in this case.

    I am, however, able to initiate a remote connection to both network adapters on this server. Since the private network is all layer 2, a layer 3 firewall won't be of use here. I'd rather not rely on Windows Firewall or IPsec to achieve my goal, but if there is no other way I guess I will have to.

    Any and all opinions on this would be helpful.

    Thanks,

    • Deprived.Writer
      Deprived.Writer about 9 years
      In addition to the above information, I have already disconnected the original RDP session, and rebooted the server for any and all settings to take effect.
    • EliadTech
      EliadTech about 9 years
      What do you mean "all layer 2"? Normally, there has to be a TCP/IP connection in order to do RDP, and if there is, you can block it with a firewall.
    • dbr
      dbr about 9 years
      What's the concern about using Windows Firewall?
    • Deprived.Writer
      Deprived.Writer about 9 years
      Layer 2 traffic does not get filtered through any sort of ACLs on the switches in the environment, and with this being a multi-tenant environment, using such ACLs would be problematic.
    • Deprived.Writer
      Deprived.Writer about 9 years
      Windows Firewall can prove to be problematic in our environment. There are a multitude of ports I would need to add in order for the server to work in production.
  • Deprived.Writer
    Deprived.Writer about 9 years
    Thank you. I'm actually using a single rule in IPsec where I'm not allowing TCP/3389 to talk inbound to the private address of the layer 2 management network from anywhere. After implementing that change, albeit with a few more steps than I wanted, I was able to get the desired effect without using Windows Firewall.