3

I read a previous post on StackExchange in regards to this issue that I'm having. I have a server that uses 2 networks, a private network on a promiscuous port (it's able to talk to all of the isolated ports on the network, but the isolated ports cannot talk to each other) and the "public facing" network interface (even though it's only open to the LAN and some other devices). This server needs to be very secure in that only RDP sessions can be initiated on the public facing interface and not the private interface.

How to set the network interface for RDP in Windows Server 2012?

The problem that I'm having however comes after I've set the network adapter as shown by the powershell results for querying the object:

NetworkAdapterLanaID NetworkAdapterName
-------------------- ------------------
                   2 vmxnet3 Ethernet Adapter

The second adapter is actually the primary adapter in this case.

I am however able to initiate a remote connection to both network adapters on this server. Since the private network is all layer 2, a layer 3 firewall wont be of use here. I'd rather not rely on Windows Firewall or IPsec to achieve my goal but if there is no other way I guess I will have to.

Any and all opinions on this would be helpful.

Thanks,

Community
  • 1
Deprived.Writer
  • 61
  • 1
  • 4
  • In addition to the above information, I have already disconnected the original RDP session, and rebooted the server for any and all settings to take effect. – Deprived.Writer Apr 12 '15 at 15:41
  • What do you mean "all layer 2"? Normally, there has to be TCP/IP connection in order to do RDP, and if there is you can block it with a firewall. – EliadTech Apr 12 '15 at 15:51
  • What's the concern about using Windows Firewall? – dbr Apr 12 '15 at 21:37
  • Layer 2 traffic does not get filtered through any sort of ACLs on the swtiches in the environment, and with this being a multi-tenet environment, using such ACLs would be problematic. – Deprived.Writer Apr 13 '15 at 16:38
  • Windows Firewall can prove to be problematic in our environment. There are a multitude of ports I would need to add in order for the server to work in production. – Deprived.Writer Apr 13 '15 at 16:41

1 Answers1

3

You had to use/configure Windows Firewall, here. Simply modify the incoming RDP rules to allow connection only from the desired interface.

shodanshok
  • 47,711
  • 7
  • 111
  • 180
  • Thank you. I'm actually using a single rule in IPSec where I'm not allowing TCP/3389 to talk inbound to the private address of the layer 2 management network from anywhere. After implementing that change, albeit a few extra steps than I wanted, I was able to get the desired affect without using Windows Firewall. – Deprived.Writer Apr 13 '15 at 16:44