Using Site-to-site VPN to mount Azure File Shares on-premises

  • Question

  • My ISP (Spectrum Business) is blocking port 445 so I am unable to map Azure File Shares over the internet using SMB 3.0.

    Does anyone know of a workaround to this? I created a Site-to-Site VPN between Azure and my firewall, but I cannot seem to force the mapping of the Azure File Share to go through the VPN tunnel.

    Saturday, December 23, 2017 2:47 PM

All replies

  • If port 445 is blocked by your organization's policy or by your ISP, you can use Azure File Sync to access your Azure file share.


    Use Azure File Sync (preview) to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.


    You may refer to the similar discussion thread "Mount Azure file share from an on-premises client through VPN" for more details.

    Refer to the document "Azure File Sync" for more details.


    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Saturday, December 23, 2017 4:45 PM
  • Ajay. Thanks for your reply.

    I am using Azure File Sync to sync files from the on-premises server to Azure. However, we are trying to transition to a cloud-only solution, which means the on-premises server will eventually go away.

    Since the ISP is blocking 445, we need a way for the end users to map the Azure file share on-premises. I have the S2S VPN connected, but I cannot get it to route requests to map the SMB file shares through the tunnel.

    Saturday, December 23, 2017 10:39 PM
  • Our Azure VPN Gateway doesn’t support NAT or forward proxy functionality, which is needed to be able to use tunneling to bypass port 445 being blocked. It is on the Networking team’s roadmap but no ETA yet.  

    We are instead collaborating with the Networking team to publish a list of Azure Files specific IP ranges per region, so you can work with your IT/ISP to unblock port 445 outbound access to a limited set of IPs. If there is urgency, Azure IP ranges would be a start – it is all Azure IP ranges and inclusive of Azure Files. This list gets updated weekly, so you will have to keep the rules updated periodically.

    Monday, December 25, 2017 12:02 PM
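
Added example (not part of the thread, and not Microsoft's code): one way to keep an outbound TCP/445 allow-list in step with the weekly published ranges mentioned in the last reply. It assumes the JSON layout of the Azure Service Tags download and the `Storage.<Region>` tag name, neither of which the thread describes; the function names and the sample data (documentation prefixes, not real Azure addresses) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the assumed Service Tags JSON layout.
# Prefixes are RFC 5737 / RFC 3849 documentation ranges, not Azure addresses.
SAMPLE_TAGS = json.loads("""
{"changeNumber": 2, "cloud": "Public", "values": [
  {"name": "Storage.WestUS", "properties": {"region": "westus",
    "addressPrefixes": ["192.0.2.0/25", "192.0.2.128/25",
                        "198.51.100.0/24", "2001:db8:1::/48"]}},
  {"name": "Storage.EastUS", "properties": {"region": "eastus",
    "addressPrefixes": ["203.0.113.0/24"]}},
  {"name": "Sql.WestUS", "properties": {"region": "westus",
    "addressPrefixes": ["203.0.113.128/25"]}}
]}
""")


def storage_prefixes(tags, region):
    """Return the collapsed IPv4 networks published for Storage.<region>."""
    wanted = f"storage.{region}".lower()
    nets = []
    for entry in tags["values"]:
        if entry["name"].lower() != wanted:
            continue
        for prefix in entry["properties"]["addressPrefixes"]:
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == 4:  # this sketch manages an IPv4 rule set only
                nets.append(net)
    if not nets:
        # Fail closed: a missing region must not empty the allow-list.
        raise ValueError(f"no Storage prefixes found for region {region!r}")
    return sorted(ipaddress.collapse_addresses(nets))


def rule_changes(current_rules, tags, region):
    """Diff the firewall's current TCP/445 allow-list against the new list."""
    current = {ipaddress.ip_network(r) for r in current_rules}
    published = set(storage_prefixes(tags, region))
    return {
        "add": [str(n) for n in sorted(published - current)],
        "remove": [str(n) for n in sorted(current - published)],
        "keep": [str(n) for n in sorted(current & published)],
    }


if __name__ == "__main__":
    print(rule_changes(["192.0.2.0/24", "203.0.113.0/24"], SAMPLE_TAGS, "WestUS"))
```

Removing stale prefixes matters as much as adding new ones: a range that leaves the published list no longer belongs to the service, so an allow rule left behind permits outbound SMB to an address the list no longer vouches for.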