You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Update DNS record instructions for browser-based RDP
Update DNS record instructions to be more descriptive on how to handle a AAAA record and a CNAME record.
* Fix formatting
Not sure how moving the header didn't go with initial commit?
* DNS modifications round 2
More concise, hopefully more straightforward
* Update rdp-browser.mdx
* update rdp-browser.mdx
minor wording adjustments
* rdp dns record
* change IPv4 address
* Update src/content/docs/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser.mdx
Co-authored-by: Kate Tungusova <[email protected]>
---------
Co-authored-by: Ann Ming Samborski <[email protected]>
Co-authored-by: kennyj42 <[email protected]>
Co-authored-by: Kate Tungusova <[email protected]>
With Cloudflare Zero Trust, users can connect to an RDP server without installing an RDP client or the [WARP client](/cloudflare-one/connections/connect-devices/warp/) on their device. Browser-based RDP leverages [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), which creates a secure, outbound-only connection from your RDP server to Cloudflare's global network. Setup involves running the `cloudflared` daemon on the RDP server (or any other host machine within the private network) and routing RDP traffic over a public hostname.
13
+
Users can connect to an RDP server without installing an RDP client or the [WARP client](/cloudflare-one/connections/connect-devices/warp/) on their device. Browser-based RDP leverages [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), which creates a secure, outbound-only connection from your RDP server to Cloudflare's global network. Setup involves running the `cloudflared` daemon on the RDP server (or any other host machine within the private network) and routing RDP traffic over a public hostname.
14
14
15
15
There are two ways for users to [reach the RDP server in their browser](#4-connect-as-a-user):
16
16
-**App Launcher**: Users can log in to the [Access App Launcher](/cloudflare-one/applications/app-launcher/) with their Cloudflare Access credentials and then initiate an RDP connection within the browser to their Windows machine. Users will authenticate to the Windows machine using their pre-configured Windows username and password. Cloudflare does not manage any credentials on the Windows server.
@@ -34,7 +34,47 @@ Browser-based RDP can be used in conjunction with [routing over WARP](/cloudflar
To make your RDP targets (that is, your Windows machines) available through the browser, you will need a [Cloudflare DNS record](/dns/manage-dns-records/how-to/create-dns-records/) for the domain and subdomain that users will connect to. This domain will be used to access any targets that are available to users through your Access application (see Step 4).
40
+
41
+
For example, if want users to connect to targets on `rdp.example.com`, [create a DNS record](/dns/manage-dns-records/how-to/create-dns-records/#create-dns-records) for `rdp.example.com`. You can create either an `A`, `AAAA`, or `CNAME` record:
42
+
43
+
<Detailsheader="A record"open={false}>
44
+
The following DNS record points your public subdomain (`rdp`) to an IPv4 address in the [Class E address space](https://datatracker.ietf.org/doc/html/rfc5735).
45
+
46
+
-**Type**: _A_
47
+
-**Name**: `rdp`
48
+
-**IPv4 address**: `240.0.0.0`
49
+
-**Proxy status**: On
50
+
51
+
</Details>
52
+
53
+
<Detailsheader="AAAA record"open={false}>
54
+
The following DNS record points your public subdomain (`rdp`) to the IPv6 [discard address range](https://www.rfc-editor.org/rfc/rfc6666.html):
55
+
56
+
-**Type**: _AAAA_
57
+
-**Name**: `rdp`
58
+
-**IPv6 address**: `100::`
59
+
-**Proxy status**: On
60
+
61
+
</Details>
62
+
63
+
<Detailsheader="CNAME record"open={false}>
64
+
The following `CNAME` record points your public subdomain (`rdp`) to a fully qualified domain name.
65
+
66
+
-**Type**: _CNAME_
67
+
-**Name**: `rdp`
68
+
-**Target**: `www.rdp.example.com`
69
+
-**Proxy status**: On
70
+
71
+
The CNAME **Target** field is unrelated to the RDP targets configured in Step 2.
72
+
73
+
</Details>
74
+
75
+
The DNS record does not need to point to an active destination IP address or hostname; the DNS record just needs to be valid. Cloudflare's RDP proxy will handle the routing to the correct RDP target.
You can only enable browser-based RDP on domains and subdomains, not for specific paths.
90
+
You can only enable browser-based RDP on domains and subdomains, not for specific paths. The selected domain and subdomain must also have a corresponding DNS record (refer to [Step 3](#3-create-a-dns-record)).
51
91
:::
52
92
53
93
8. Expand **Browser rendering settings**. In the **Browser rendering** dropdown, select _RDP_.
@@ -82,17 +122,6 @@ Ensure that only **Allow** or **Block** policies are present. **Bypass** and **S
82
122
83
123
19. Select **Save**.
84
124
85
-
## 4. Create a DNS record
86
-
87
-
In the [Cloudflare dashboard](https://dash.cloudflare.com/login), go to **DNS** > **Records** and verify that a [DNS record](/dns/manage-dns-records/how-to/create-dns-records/) exists for your domain. The DNS record allows Cloudflare to proxy browser-based RDP traffic to your private network. Any arbitrary DNS record will work.
88
-
89
-
If you do not already have a DNS record, [create a new DNS record](/dns/manage-dns-records/how-to/create-dns-records/#create-dns-records). For example, you could create an `AAAA` record that points your Access application public hostname (`app.example.com`) to the IPv6 [discard address range](https://www.rfc-editor.org/rfc/rfc6666.html):
90
-
91
-
-**Type**: _AAAA_
92
-
-**Name**: `app`
93
-
-**IPv6 address**: `100::`
94
-
-**Proxy status**: On
95
-
96
125
## 5. (Recommended) Modify order of precedence in Gateway
0 commit comments