Hello,
In this post, I'll just take a note for myself and share it with others: how to whitelist specific IP addresses for RDP in Windows Firewall. Restricting which source addresses may reach RDP is a cheap way to stop the bot brute-force login attempts that hit any Windows Server exposing RDP (TCP/UDP 3389 by default) to the Internet.
Prerequisites
- Administrative access to the Windows Server (in this tutorial I'm using Windows Server 2012 R2 Standard)
#1. Open the Windows Firewall application
First, open the Windows Firewall with Advanced Security console on the server (wf.msc), then select Inbound Rules in the sidebar.
#2. Remote Desktop - User Mode (TCP-In)
Find the rule named "Remote Desktop - User Mode (TCP-In)" with Profile All, right-click it and choose Properties.
In the Properties dialog, go to the Scope tab -> Remote IP Address section, select the These IP addresses radio button, and click Add to whitelist the public IP address you are connecting from right now. In my case that is the address of a Tailscale exit node (Tailscale works like a personal VPN).
For example, I added my IP address 103.113.111.121. Click OK, then Apply and OK in the Properties dialog. Make sure the address you are currently connected from is in the list before you close the dialog: once the rule is scoped, the firewall drops inbound RDP traffic from every other source address.
#3. Remote Desktop - User Mode (UDP-In)
Do the same for "Remote Desktop - User Mode (UDP-In)" with Profile All: open Properties, go to the Scope tab -> Remote IP Address section and add your own IP address, so that only your address can open RDP (Remote Desktop Connection) sessions.
Why configure the UDP-In rule too?
As a Quora answer explains, RDP can use both TCP and UDP (the UDP transport was added in RDP 8.0). The session is set up over TCP on port 3389 and, if both client and server support it, the UDP transport on the same port carries the rest of the session. Scoping both rules keeps the allow-list consistent across the two transports instead of leaving one of them open to the whole Internet.
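The same change as steps #2 and #3, done from an elevated PowerShell prompt on the server instead of the GUI, as an added example that is not part of the original post. It uses the NetSecurity cmdlets that ship with Windows Server 2012 and later (Get-NetFirewallRule, Set-NetFirewallRule, Get-NetFirewallAddressFilter). The address 103.113.111.121 is the one from the post; replace the allow-list with your own address, and the comment at the end shows how to undo the change from the VPS console if you lock yourself out.

```powershell
# Added example: scope the built-in RDP inbound rules to an allow-list of
# remote addresses. Run in an elevated PowerShell session on the server.
#
# Assumption: this is the address you are connecting from right now.
# Entries may be single IPs, CIDR ranges ('100.64.0.0/10') or ranges
# ('10.0.0.1-10.0.0.20'); the keyword 'Any' removes the restriction.
$AllowedRemote = @('103.113.111.121')

# The two rules the post edits on the Scope tab.
$rules = Get-NetFirewallRule -DisplayName 'Remote Desktop - User Mode (TCP-In)',
                                          'Remote Desktop - User Mode (UDP-In)'

# Show the current scope (a fresh install reports RemoteAddress = Any).
Write-Host '--- before ---'
foreach ($r in $rules) {
    $scope = $r | Get-NetFirewallAddressFilter
    '{0}: Enabled={1} RemoteAddress={2}' -f $r.DisplayName, $r.Enabled, ($scope.RemoteAddress -join ',')
}

# Restrict the Remote IP Address scope of both rules to the allow-list.
# Everything not matching an allow rule is silently dropped by the firewall,
# which is why unlisted clients see a timeout rather than a refusal.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedRemote

# Verify the change took effect on both rules.
Write-Host '--- after ---'
foreach ($r in $rules) {
    $scope = $r | Get-NetFirewallAddressFilter
    '{0}: Enabled={1} RemoteAddress={2}' -f $r.DisplayName, $r.Enabled, ($scope.RemoteAddress -join ',')
}

# Other RDP-related rules live in the same display group. List them so you can
# decide whether they need the same scope on your server.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Enabled, Profile, Direction

# Roll back (for example from the provider's VNC console after a lock-out):
#   $rules | Set-NetFirewallRule -RemoteAddress Any
```

If the whitelisted address belongs to a VPN exit node or a home connection whose public IP can change, prefer a CIDR range you control over a single host address, or you will be repeating the VNC-console recovery described at the end of the post.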
#4. Try to login with IP Addresses except for whitelisted IP Address
To check that the firewall is configured properly, try to open an RDP session with the Remote Desktop Connection client from a Windows client machine. 😀
- Open the Remote Desktop Connection application,
- Enter your Windows Server's public IP address in the Computer field and click Connect.
If we try to connect from a non-whitelisted IP address, the connection times out (the firewall drops the packets without replying) and we can't log in.
There will be an error pop-up :
Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
Only the whitelisted IP addresses can open an RDP session.
Thanks for reading!
If you misconfigure the Windows Firewall rules and can no longer reach your Windows Server over RDP (Remote Desktop Connection), open a VNC console session from your VPS provider's control panel. The console goes through the hypervisor rather than the server's network stack, so you can still log in to the server and fix the rule without your IP address being whitelisted first.