I was asked to set up an RDP server in the cloud. They want to access the RDP server from anywhere without a VPN.
In front of the RDP server there will be a MikroTik.
So I was thinking: is there a way to block access for users who are trying to open an RDP connection with the IP address and not the domain name?
Exposing RDP and similar remote desktops over the Internet without any proper encrypted VPN in between is a VERY bad decision to make.
Have the clients use WireGuard and terminate the encrypted VPN as WireGuard on your MikroTik, and then from there let them handshake with the RDP service of the host to be remotely managed.
Preferably using one passphrase/cert per client, so when people are no longer employees or for some other reason you can easily cut them off through the VPN (or if a client has been compromised then you don't need to change passphrase/certs for ALL clients - just the credentials for the affected client).
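
The setup suggested in this answer, sketched for RouterOS v7 as an added example that is not part of the original posts. The interface name, listen port, tunnel subnet, RDP host address, peer comments and key placeholders are all assumptions to replace with your own values.

```routeros
# Added example; every name, address and port below is an assumed placeholder.
# WireGuard tunnel endpoint on the MikroTik (RouterOS v7).
/interface wireguard add name=wg-rdp listen-port=13231
/ip address add address=10.99.0.1/24 interface=wg-rdp

# One peer entry per client device, each with its own key pair and a single
# /32 tunnel address, so any one client can be cut off without touching the rest.
/interface wireguard peers add interface=wg-rdp comment="alice-laptop" \
    public-key="<ALICE_PUBLIC_KEY>" allowed-address=10.99.0.2/32
/interface wireguard peers add interface=wg-rdp comment="bob-laptop" \
    public-key="<BOB_PUBLIC_KEY>" allowed-address=10.99.0.3/32

# Only the WireGuard port is reachable from the Internet.
/ip firewall filter add chain=input action=accept protocol=udp dst-port=13231 \
    comment="WireGuard handshake"

# RDP to the managed host (192.168.88.10 is assumed) is forwarded only when it
# arrives through the tunnel; the same traffic from anywhere else is dropped.
# "add" appends to the end of the chain, so move these above any broader
# accept rules that already exist in the forward chain.
/ip firewall filter add chain=forward action=accept in-interface=wg-rdp \
    dst-address=192.168.88.10 protocol=tcp dst-port=3389 comment="RDP via WireGuard"
/ip firewall filter add chain=forward action=drop \
    dst-address=192.168.88.10 protocol=tcp dst-port=3389 comment="No direct RDP"

# Offboarding or a compromised client: remove that one peer only.
/interface wireguard peers remove [find comment="alice-laptop"]
```

No dst-nat rule for port 3389 should exist on the router; with one in place the RDP service is still published to the Internet alongside the tunnel.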