
How to firewall the RDP (remote desktop protocol) service on a Windows 2008 R2 Enterprise Server

This article will show you how to firewall the remote desktop protocol (RDP) service on a Windows 2008 R2 Enterprise server.
Step 1.  Log in to the server as an administrator using your RDP server name, username, and password.
Step 2.  Click Start, then click Administrative Tools, then click Windows Firewall with Advanced Security.
Step 3.  Click Inbound Rules.
Step 4.  By default, the Windows firewall rules are listed alphabetically by group.  Scroll down until you see the 2 firewall rules: Remote Desktop – (TCP-In) and Remote Desktop – RemoteFX (TCP-In).  Double-click on the firewall rule Remote Desktop – User Mode (TCP-In).
Step 5.  A dialog box window will appear.  Click Scope.
Step 6.  Under the Remote IP address heading, click These IP addresses:.
Step 7.  Click Add.
Step 8.  A dialog box will appear.  Enter the IP address you want to allow RDP access from and click OK.
Step 9.  You should see the IP address you just added in the list. 
Step 10.  Repeat Steps 7 to 9 for each additional IP address or IP address range you wish to add to the server.  You will want to add (whitelist) all IPs that you regularly connect to the server from.  To determine your IPs, visit http://whatsyourip.net from each location where you want to be able to RDP to your server (for example, work, a home office, home, etc.).
Step 11.  In addition to the IPs you added in Steps 7 through 10, you will also need to whitelist these IP addresses:
174.136.79.138
174.136.95.1
216.167.201.0/255.255.255.0
216.167.202.0/255.255.255.0
66.252.232.0/255.255.255.0
174.136.72.0/255.255.255.0
174.136.73.0/255.255.255.0
174.136.75.0/255.255.255.0
174.136.74.154/255.255.255.255
Step 12.  Next, you’ll want to whitelist the local subnet.  Click Add.
Step 13.  A dialog box will appear.  Click Predefined set of computers:.
Step 14.  Click the drop-down menu to the right of the Default gateway, and click Local subnet.
Step 15.  Click OK.
Step 16.  You should see the Local subnet you just added in the list.
Step 17.  Click Apply for the new IPs you just added to the firewall rule to take effect, and then click OK to save changes.
Step 18.  Double-click on the firewall rule Remote Desktop – RemoteFX (TCP-In)
Step 19.  A dialog box window will appear.  Click Scope.
Step 20.  Under the Remote IP address heading, click These IP addresses:.
Step 21.  Click Add.
Step 22.  A dialog box will appear.  Enter the IP address you want to allow RDP access from and click OK.
Step 23.  You should see the IP address you just added in the list.
Step 24.  Repeat Steps 21 to 23 for each additional IP address or IP address range you wish to add to the server.  You will want to add (whitelist) all IPs that you regularly connect to the server from.  To determine your IPs, visit http://whatsyourip.net from each location where you want to be able to RDP to your server (for example, work, a home office, home, etc.).
Step 25.  In addition to the IPs you added in Steps 21 through 24, you will also need to whitelist these IP addresses:
174.136.79.138
174.136.95.1
216.167.201.0/255.255.255.0
216.167.202.0/255.255.255.0
66.252.232.0/255.255.255.0
174.136.72.0/255.255.255.0
174.136.73.0/255.255.255.0
174.136.75.0/255.255.255.0
174.136.74.154/255.255.255.255
Step 26.  Next, you’ll want to whitelist the local subnet.  Click Add.
Step 27.  A dialog box will appear.  Click Predefined set of computers:.
Step 28.  Click the drop-down menu to the right of the Default gateway, and click Local subnet.
Step 29.  Click OK.
Step 30.  You should see the Local subnet you just added in the list.
Step 31.  Click Apply for the new IPs you just added to the firewall rule to take effect, and then click OK to save changes.
Step 32.  Congratulations, you are all set.
If you see additional IPs in the firewall rule that you don’t recognize, we recommend that you do not remove them, as they are necessary for Support to connect to your server if support assistance is needed in the future.  Removal of these IPs constitutes acknowledgement and consent that support engineers would not be able to RDP to the server in the future if support assistance is requested.
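The same scope change can be scripted. The following is an added example, not part of the original article; it uses netsh because Windows Server 2008 R2 predates the NetSecurity firewall cmdlets. The rule names, the sample admin addresses and the backup path are assumptions to adjust for your server.

```powershell
# Run from an elevated PowerShell prompt on the server (PowerShell 2.0 compatible).
# Apply from the console or from a source address that is in the list below,
# otherwise the RDP session making the change is cut off.
$apply = $false   # leave $false to review the current scope; set $true to change it

# Assumed rule names; copy them exactly as they appear under Inbound Rules.
$ruleNames = @('Remote Desktop (TCP-In)', 'Remote Desktop - RemoteFX (TCP-In)')

# Constructed sample addresses (documentation ranges); replace with your own (Steps 7-10).
$adminSources = @('203.0.113.10', '198.51.100.0/255.255.255.0')

# Support addresses exactly as listed in Step 11 and Step 25.
$supportSources = @(
    '174.136.79.138', '174.136.95.1',
    '216.167.201.0/255.255.255.0', '216.167.202.0/255.255.255.0',
    '66.252.232.0/255.255.255.0', '174.136.72.0/255.255.255.0',
    '174.136.73.0/255.255.255.0', '174.136.75.0/255.255.255.0',
    '174.136.74.154/255.255.255.255'
)

# Accept only dotted-quad addresses with an optional dotted mask or prefix length,
# so a typo cannot silently break or widen the scope.
$octet   = '(25[0-5]|2[0-4]\d|1?\d?\d)'
$quad    = "$octet(\.$octet){3}"
$pattern = "^$quad(/($quad|3[0-2]|[12]?\d))?$"
$entries = $adminSources + $supportSources
$bad = @($entries | Where-Object { $_ -notmatch $pattern -or $_ -like '0.0.0.0*' })
if ($bad.Count -gt 0) { throw "Invalid or too-broad scope entries: $($bad -join ', ')" }

# LocalSubnet is the netsh keyword for the "Local subnet" predefined set (Steps 12-16).
$scope = ($entries + 'LocalSubnet') -join ','

# Hypothetical backup path; exporting the policy first allows a rollback.
if ($apply) { netsh advfirewall export 'C:\fw-backup-before-rdp-scope.wfw' }

foreach ($rule in $ruleNames) {
    # "new remoteip=" replaces the rule's list instead of appending to it, so add any
    # existing entries you need to keep to the arrays above before applying.
    netsh advfirewall firewall show rule "name=$rule" verbose
    if (-not $apply) { Write-Host "Planned scope for ${rule}: $scope"; continue }
    netsh advfirewall firewall set rule "name=$rule" new "remoteip=$scope"
    if ($LASTEXITCODE -ne 0) { Write-Warning "Rule not updated: $rule"; continue }
    netsh advfirewall firewall show rule "name=$rule" verbose
}
```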
© 1999-2021 Applied Innovations Corporation Intellectual Property.  All rights reserved. 

Content retrieved from: https://support.appliedi.net/kb/a1367/how-to-firewall-the-rdp-remote-desktop-protocol-service-on-a-windows-2008-r2-enterprise-server.aspx.

Updated on July 28, 2020
