Setting up Spectrum for RDP

Trying to set up CF Spectrum for RDP, but some points are not very clear.

  1. When I select “Create application” I don’t see the RDP in the list of the options. Is the RDP only available for Business and Enterprise plans?

  2. Let’s say I configured a Spectrum application for RDP. Now, I’ll have to block RDP access on the origin server and only whitelist CF’s IPs, correct?

  3. If Spectrum for RDP was successfully set up, now RDP access can only happen via CF’s network by visiting the subdomain associated with the created application, correct?

  4. If Spectrum for RDP was successfully set up, I can still access the origin server via RDP using the GUI tool, correct?

  5. What if the origin server is hosting more than one domain? Is it enough to create a Spectrum Application over the primary domain name to protect the origin server?

Any help would be appreciated!

Yes. See here.

As a best practice you should not expose RDP to the public internet at all, so you should firewall the origin RDP server.

If you have firewalled as above, then this is correct.

Yes.

I prefer to use Cloudflare Access with Argo Tunnels to protect and gain remote access to RDP. Instructions are available here: https://developers.cloudflare.com/access/rdp/rdp-guide/. You need to install the cloudflared daemon on both client and server, but this provides granular access control using 2FA etc., and without needing a public IP on your RDP server.

Thank you @michael. You mean by this that I should create an inbound rule that blocks all requests to RDP and only whitelist Cloudflare IPs?
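
The origin firewalling discussed in this thread, as an added example that is not part of any post here: it restricts inbound RDP on a Windows origin to an allow-list of source ranges by scoping the allow rule instead of adding a block rule. It assumes Windows Defender Firewall, an elevated session and an English-language rule group name; the rule name is hypothetical and the ranges are documentation placeholders to be replaced with Cloudflare's published ranges.

```powershell
# Placeholder ranges (RFC 5737 / RFC 3849), constructed for illustration, NOT Cloudflare's.
# Replace with the IPv4/IPv6 ranges Cloudflare publishes for its network.
$AllowedRanges = @('192.0.2.0/24', '198.51.100.0/24', '2001:db8::/32')
$RuleName      = 'RDP via Cloudflare Spectrum only'   # hypothetical rule name

function Test-Cidr {
    # Returns $true only for a parseable address with a prefix length valid for its family.
    param([string]$Cidr)
    $addr, $prefix = $Cidr -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    $max = if ($ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    $n = 0
    return [int]::TryParse($prefix, [ref]$n) -and $n -ge 0 -and $n -le $max
}

# Refuse to touch the firewall if any entry is malformed.
$bad = $AllowedRanges | Where-Object { -not (Test-Cidr $_) }
if ($bad) { throw "Invalid CIDR entries: $($bad -join ', ')" }

# Default-deny inbound: traffic without a matching allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# The built-in "Remote Desktop" rules allow any source. Disable them; do not add a
# block rule for 3389, because block rules take precedence over the scoped allow below.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Re-create the scoped allow rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $AllowedRanges -Profile Any | Out-Null

# Verify: every enabled inbound allow rule still matching port 3389, with its source scope.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.LocalPort -contains '3389') {
            [pscustomobject]@{
                Rule   = $_.DisplayName
                Source = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
            }
        }
    }
```

Run it from a console session or another management path, since an existing RDP session from an address outside the allow-list will be cut off once the built-in rules are disabled.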