Unable to access RDP?
If you have come across this article, chances are you are having issues accessing RDP (Remote Desktop) on your recently acquired Tempest dedicated server after installing Windows Server.
By default, Tempest drops all traffic towards your server. This is done to allow customers to configure their firewall exactly to their needs. Not only is this developed to keep your services more secure, but also to help prevent network attacks against your services. Due to this default drop-all rule, new customers will need to whitelist their RDP (Remote Desktop) port in the Tempest Firewall.
In this guide, we will be going over two different ways to accomplish this with either IP Whitelisting, and Port Whitelisting.
IP Whitelisting is the most secure way to access RDP. IP Whitelisting means that our firewall will only allow the IP whitelisted to access the port, and prevent all other traffic from accessing the port.
Before starting, you will need to find your public IPv4 IP. This can quickly be done by using google and searching "What is my IP". Google should provide you a small box with your public IP address like the image below :
Please note, you will need to make sure that you use your PUBLIC IP address. Many customers attempt to whitelist their PRIVATE IP address from Command Prompt. This will not work.
Once you have your public IP address, head over to the Tempest Firewall found HERE. You will need to make sure that you are logged into your Tempest Portal account to access the Firewall Manager.
Once you have accessed the Tempest Firewall Manager, you will need to make sure you are selecting your services IP in the box highlighted :
Now that you have your service selected, and the correct service IP, you will want to click the "Create Rule" button. From here, you will want to use the following settings :
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the RDP port will be whitelisted to your IP!
Global Whitelisting is a less secure way of whitelisting your RDP port. By setting a global whitelist, any IP is able to access your RDP port. While this does not mean they have access to your service, if your password is compromised, anyone will be able to access your RDP. Attackers may abuse this fact to cause RDP to temporarily lock out connections due to too many failed login attempts.
Following the same steps as above, you will want to access your Tempest Firewall Manager. When creating your firewall rule, use the following settings :
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the RDP port will be whitelisted globally!
Please note, when creating a global rule, you should always apply one of our application filters to protect your ports! Using our TCP Symmetric filter on your RDP port is highly recommended!
By default, Tempest drops all traffic towards your server. This is done to allow customers to configure their firewall exactly to their needs. Not only is this developed to keep your services more secure, but also to help prevent network attacks against your services. Due to this default drop-all rule, new customers will need to whitelist their RDP (Remote Desktop) port in the Tempest Firewall.
In this guide, we will be going over two different ways to accomplish this with either IP Whitelisting, and Port Whitelisting.
IP Whitelisting your RDP Port
IP Whitelisting is the most secure way to access RDP. IP Whitelisting means that our firewall will only allow the IP whitelisted to access the port, and prevent all other traffic from accessing the port.
Before starting, you will need to find your public IPv4 IP. This can quickly be done by using google and searching "What is my IP". Google should provide you a small box with your public IP address like the image below :
Please note, you will need to make sure that you use your PUBLIC IP address. Many customers attempt to whitelist their PRIVATE IP address from Command Prompt. This will not work.
Once you have your public IP address, head over to the Tempest Firewall found HERE. You will need to make sure that you are logged into your Tempest Portal account to access the Firewall Manager.
Once you have accessed the Tempest Firewall Manager, you will need to make sure you are selecting your services IP in the box highlighted :
Now that you have your service selected, and the correct service IP, you will want to click the "Create Rule" button. From here, you will want to use the following settings :
| Option | Input | Notes |
|---|---|---|
| Rule Name | RDP - IP Specific | This name is used for your own documentation. This can be changed. |
| Source IP | XXX.XXX.XXX.XXX/32 | You will place your PUBLIC IP here, with /32 at the end. THIS IS NOT YOUR SERVER IP. |
| Protocol | TCP | |
| SRC Port | EMPTY | Leave this empty, as RDP will use random source ports |
| DST Port | 3389 | This is your RDP port. Default is 3389. |
| Action | Allow |
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the RDP port will be whitelisted to your IP!
Global Whitelisting of RDP Port
Global Whitelisting is a less secure way of whitelisting your RDP port. By setting a global whitelist, any IP is able to access your RDP port. While this does not mean they have access to your service, if your password is compromised, anyone will be able to access your RDP. Attackers may abuse this fact to cause RDP to temporarily lock out connections due to too many failed login attempts.
Following the same steps as above, you will want to access your Tempest Firewall Manager. When creating your firewall rule, use the following settings :
| Option | Input | Notes |
|---|---|---|
| Rule Name | RDP - Enabled | This name is used for your own documentation. This can be changed. |
| Source IP | 0.0.0.0/0 | 0.0.0.0/0 will allow any IP. |
| Protocol | TCP | |
| SRC Port | EMPTY | Leave this empty, as RDP will use random source ports |
| DST Port | 3389 | This is your RDP port. Default is 3389. |
| Action | Allow |
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the RDP port will be whitelisted globally!
Please note, when creating a global rule, you should always apply one of our application filters to protect your ports! Using our TCP Symmetric filter on your RDP port is highly recommended!
Updated on: 21/09/2023
Thank you!