none
Azure Firewall policy to allow connectivity to the Azure portal RRS feed

  • Question

  • Hi,

    we have some VMs sitting behind an Azure Firewall in Azure. People working on the VMs need to be able to browse to the Azure portal, but I can't find a description of a policy that would allow it. It is not as simple as allowing 'portal.azure.com' because it seems to refer to a number of other URLs - so, does someone have a policy for this?

    Thanks very much in advance.

    Thursday, September 19, 2019 8:08 PM

All replies

  • Hi, 

    Currently we have only 6 tags that you can use in Application rule collection. But you can add a rule with target as "*.portal.azure.com" or "*.azure.com" to allow traffic to portal from VMs via Firewall. 

    Reference: https://docs.microsoft.com/en-us/azure/firewall/fqdn-tags

    Let me know if you have any further questions. 

    Regards, 

    Msrini

    Thursday, September 19, 2019 9:01 PM
    Moderator
  • Thanks for your reply. Unfortunately, that doesn't really work because portal.azure.com redirects to:

    https://login.microsoftonline.com

    So, I added the above URL as well as 'portal.azure.com' but I just get a blank screen instead of the login screen.

    Any ideas?

    Friday, September 20, 2019 6:56 AM
  • Can you add another rule to allow "*.microsoft.com" ?

    By doing that you the authentication traffic will be allowed. 

    Regards, 

    Msrini

    Friday, September 20, 2019 7:03 AM
    Moderator
  • Hi, 

     

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Msrini

    Monday, September 23, 2019 11:33 AM
    Moderator
  • Hi, 

    Do you have any update on this issue?

    Regards, 

    Msrini

    Thursday, September 26, 2019 8:29 PM
    Moderator