Articles on: Troubleshooting

Unable to access RDP?

If you have come across this article, chances are you are having issues accessing RDP (Remote Desktop) on your recently acquired Tempest dedicated server after installing Windows Server.

By default, Tempest drops all traffic towards your server. This is done to allow customers to configure their firewall exactly to their needs. Not only is this developed to keep your services more secure, but also to help prevent network attacks against your services. Due to this default drop-all rule, new customers will need to whitelist their RDP (Remote Desktop) port in the Tempest Firewall.

In this guide, we will be going over two different ways to accomplish this with either IP Whitelisting, and Port Whitelisting.

IP Whitelisting your RDP Port

IP Whitelisting is the most secure way to access RDP. IP Whitelisting means that our firewall will only allow the IP whitelisted to access the port, and prevent all other traffic from accessing the port.

Before starting, you will need to find your public IPv4 IP. This can quickly be done by using google and searching "What is my IP". Google should provide you a small box with your public IP address like the image below :

An Example Of Google's Response

Please note, you will need to make sure that you use your PUBLIC IP address. Many customers attempt to whitelist their PRIVATE IP address from Command Prompt. This will not work.

Once you have your public IP address, head over to the Tempest Firewall found HERE. You will need to make sure that you are logged into your Tempest Portal account to access the Firewall Manager.

Once you have accessed the Tempest Firewall Manager, you will need to make sure you are selecting your services IP in the box highlighted :
All of your services will be listed in this drop-down box.

Now that you have your service selected, and the correct service IP, you will want to click the "Create Rule" button. From here, you will want to use the following settings :

Option	Input	Notes
Rule Name	RDP - IP Specific	This name is used for your own documentation. This can be changed.
Source IP	XXX.XXX.XXX.XXX/32	You will place your PUBLIC IP here, with /32 at the end. THIS IS NOT YOUR SERVER IP.
Protocol	TCP
SRC Port	EMPTY	Leave this empty, as RDP will use random source ports
DST Port	3389	This is your RDP port. Default is 3389.
Action	Allow

This is an example of an IP Specific RDP Whitelist.

Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the RDP port will be whitelisted to your IP!

Global Whitelisting of RDP Port

Global Whitelisting is a less secure way of whitelisting your RDP port. By setting a global whitelist, any IP is able to access your RDP port. While this does not mean they have access to your service, if your password is compromised, anyone will be able to access your RDP. Attackers may abuse this fact to cause RDP to temporarily lock out connections due to too many failed login attempts.

Following the same steps as above, you will want to access your Tempest Firewall Manager. When creating your firewall rule, use the following settings :

Option	Input	Notes
Rule Name	RDP - Enabled	This name is used for your own documentation. This can be changed.
Source IP	0.0.0.0/0	0.0.0.0/0 will allow any IP.
Protocol	TCP
SRC Port	EMPTY	Leave this empty, as RDP will use random source ports
DST Port	3389	This is your RDP port. Default is 3389.
Action	Allow

Please note, when creating a global rule, you should always apply one of our application filters to protect your ports! Using our TCP Symmetric filter on your RDP port is highly recommended!

Updated on: 21/09/2023

Was this article helpful?

Thank you!