What are the outbound rules requirement for Azure hybrid connection inside the on-premises server?

1.7k views Asked by At

I'm configuring up an on-premise server connection from a web app in an Azure web app using Hybrid Connection.

On my dev machine which goes through a proxy that has a quite flexible firewall, the hybrid connectivity is OK. I've been able to configure the Azure web app to connect to my dev machine.

However, on one of my servers that sits behind a firewall with only URLs whitelist, the hybrid connection does not work. When I configure it in the hybrid connection manager, it says successful though.

The Azure Hybrid Connection page in the Microsoft website only states that the on-premises server must have outbound connectivity to Azure over at least port 80. However, there are no references on which specific Azure URLs

I tried putting few different URLs in the outbound rules of the firewall to the point where I can open the portal.azure.com successfully and also opening the azure web app that I created. But, the hybrid connection is still not connected.

I've run process explorer on my dev machine (where the hybrid connection is connected) and observe the following IP addresses are being hit in the TCP/IP tab: 104.40.69.64 (https) and 23.99.42.15 (https).

I was just wondering if there are list of URLs/IP ranges that the hybrid connection manager try to connect.

Thanks

2

There are 2 answers

0
kura On BEST ANSWER

I found a big list of IP ranges in the Azure website where Windows Azure uses to connect to the internet. :) It's not just the specific URLs for the hybrid connection though. Seems to be frequently updated.

https://msdn.microsoft.com/en-us/library/azure/dn175718.aspx

0
Rob On

I found my firewall needed to whitelist the service bus gateway on outbound ports (5671 and 5672). For more info see:

https://blogs.msdn.microsoft.com/waws/2017/06/30/things-you-should-know-web-apps-and-hybrid-connections/