VNet Integration Firewall Requirements

VNet Integration Firewall Requirements

When VNet integration is applied to the Nerdio Manager app, the network connectivity flow changes. In most cases, the subnet has outbound access restricted. To overcome that, the following addresses need to have access allowed in order for Nerdio Manager to work as required.

 

Address

Outbound TCP Port

Purpose

Service Tag

nwp-web-app.azurewebsites.net

443

Nerdio Licensing Servers

Internet

See this Microsoft article for details.

1433,

11000-11999

Azure SQL Services

AzureSQL

Please refer to the Microsoft article for specific tags.

*.applicationinsights.azure.com

443

Application Insights

ActionGroup, ApplicationInsightsAvailability, and AzureMonitor

login.microsoftonline.com

graph.microsoft.com

443

Authentication

AzureIdentity

login.windows.net

443

AAD SQL Authentication

 

*.azurewebsites.net

- OR -

[Explicit Web App URL]

- AND/OR -

[Custom Web App Address]

443

Backend Access

AzureAppService

management.azure.com

443

AVD Management

AzureAppConfiguration

api.github.com

443

Scripted Actions Repository

 

[Key Vault Name].vault.azure.net

- OR -

* vault.azure.net

443

Key Vault Access

 

*.githubusercontent.com

443

GitHub Content Access

 

api.loganalytics.io

443

API Access for Log Analytics

 

api.applicationinsights.io

443

API Access for Application Insights

 

 

Notes:

  • Azure Files storage connectivity is required for auto-scaling and FSLogix profile management features. See Harden Azure Storage Account for details.

  • When creating private endpoints, your source addresses may change, depending on the specific configuration. See Harden App Service for details.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Please sign in to leave a comment.