Firewall for Windows Azure Worker/Web roles

  • Monday, May 14, 2012 6:12 AM
     
     

    Is there a way for Azure Worker and Web Roles to allow traffic only from a certain range of host names or IP addresses? I see the option of adding firewall rules only for SQL Azure database from the Management Portal.

    We are deploying Mongo database to Azure worker role. The data has to be accessed from multiple deployments and from machines running from our corp network. So roles running Mongo database have public endpoints to consume the data. Mongo DB uses form based authentication.

    Is there a way that I can configure Azure to restrict traffic for a role that has public endpoints? The requirement is that only a certain IP address range or host names must be allowed to connect to the Mongo role (DB).

    If there is no out-of-box solution, I am planning to configure Windows Firewall on the Mongo role and allow traffic only from the remote IP addresses I specify. Is this a reasonable approach? Are there any better alternatives? Please clarify.

All Replies

  • Monday, May 14, 2012 6:51 AM
     
     Answered

    Hi,

    Take a look at this: http://code.msdn.microsoft.com/windowsazure/CSAzureAddFirewallRules-352de4ed

    Hope this helps.

    Thanks

    Gaurav Mantri

    Cerebrata Software

    http://www.cerebrata.com

  • Monday, May 14, 2012 10:25 AM
     
     Answered

    It is possible to set up standard Windows Firewall rules in a startup task.

  • Monday, May 14, 2012 12:11 PM
     
     Answered

    Hi,

    Yes, you can set the firewall in a startup task in the .csdef:

    <Startup>
          <Task commandLine="yourcmdscript.cmd" executionContext="elevated" taskType="simple" />      
    </Startup>

    Please note that executionContext must be elevated, which means it will have administrator rights.

    Use the following as required by you; these are used to disable or set rules:

    netsh advfirewall firewall add rule name="ICMPv6" dir=in action=allow enable=yes protocol=icmpv6 
    netsh advfirewall firewall add rule name="Windows Remote Management (HTTP-In)" dir=in action=allow service=any enable=yes profile=any localport=5985 protocol=tcp 
    netsh advfirewall firewall add rule name="Allowing Interal Service Traffic"  dir=in action=allow localport=444 protocol=tcp

    This will set up the firewall with the corresponding rules.

    If you want to disable the entire firewall:

    netsh advfirewall set allprofiles state off

    This will put you at high security risk.

    Regards

    Madan

    dmadan.wordpress.com
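
Added example (not part of any reply in this thread): one way the startup script referenced in the .csdef above could restrict the MongoDB port to specific remote addresses, which is the requirement in the original question. It assumes MongoDB listens on its default port 27017; the rule name, log file name and address ranges are constructed placeholders to replace with your own.

```batch
@echo off
rem Added example: body of the startup task script ("yourcmdscript.cmd" in the
rem .csdef above). Must run with executionContext="elevated".
setlocal

rem Assumptions: MongoDB on its default port; the addresses below are
rem constructed documentation ranges (RFC 5737), not real corporate ranges.
set "RULE_NAME=MongoDB restricted inbound"
set "MONGO_PORT=27017"
set "ALLOWED_REMOTE=203.0.113.0/24,198.51.100.10"
set "LOG=%TEMP%\firewall-startup.log"

rem Startup tasks run again whenever the role restarts, so remove any earlier
rem copy of the rule first. A "no rules match" error here is expected and ignored.
netsh advfirewall firewall delete rule name="%RULE_NAME%" >nul 2>&1

rem A scoped allow rule only restricts traffic if the firewall is enabled and
rem unmatched inbound traffic is blocked, so set both explicitly.
netsh advfirewall set allprofiles state on >> "%LOG%" 2>&1
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >> "%LOG%" 2>&1

rem Allow inbound TCP to the MongoDB port only from the listed remote addresses.
rem remoteip accepts a comma-separated list of addresses, subnets and ranges.
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow ^
    protocol=tcp localport=%MONGO_PORT% remoteip=%ALLOWED_REMOTE% ^
    profile=any enable=yes >> "%LOG%" 2>&1
if errorlevel 1 (
    echo Failed to add rule "%RULE_NAME%" >> "%LOG%"
    exit /b 1
)

rem Allow rules are additive: any other enabled allow rule covering the same
rem port without a remoteip scope still admits every source. Record all
rem inbound rules so the log can be reviewed for such a rule.
netsh advfirewall firewall show rule name=all dir=in verbose >> "%LOG%" 2>&1

exit /b 0
```

Review the log after deployment: if another inbound rule already allows port 27017 from any address, the scoped rule above does not narrow access until that rule is removed or scoped as well.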

  • Monday, May 14, 2012 4:52 PM
     
     
    Thank you so much! Will try out the suggested options.