VNet Integration Firewall Requirements
When VNet integration is applied to the Nerdio Manager app, the network connectivity flow changes. In most cases, the subnet has restricted outbound access. For Nerdio Manager to work as required, outbound access to the following addresses must be allowed.
Address | Outbound TCP Port | Purpose | Service Tag |
---|---|---|---|
nwp-web-app.azurewebsites.net | 443 | Nerdio Licensing Servers | Internet |
See this Microsoft article for details. | 1433, 11000-11999 | Azure SQL Services | AzureSQL (refer to the Microsoft article for specific tags) |
*.applicationinsights.azure.com | 443 | Application Insights | ActionGroup, ApplicationInsightsAvailability, and AzureMonitor |
login.microsoftonline.com, graph.microsoft.com | 443 | Authentication | AzureIdentity |
login.windows.net | 443 | AAD SQL Authentication | |
*.azurewebsites.net - OR - [Explicit Web App URL] - AND/OR - [Custom Web App Address] | 443 | Backend Access | AzureAppService |
management.azure.com | 443 | AVD Management | AzureAppConfiguration |
api.github.com | 443 | Scripted Actions Repository | |
[Key Vault Name].vault.azure.net - OR - *.vault.azure.net | 443 | Key Vault Access | |
*.githubusercontent.com | 443 | GitHub Content Access | |
api.loganalytics.io | 443 | API Access for Log Analytics | |
api.applicationinsights.io | 443 | API Access for Application Insights | |
Notes:
Azure Files storage connectivity is required for auto-scaling and FSLogix profile management features. See Harden Azure Storage Account for details.
When creating private endpoints, your source addresses may change, depending on the specific configuration. See Harden App Service for details.
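
The table above can be used to audit an existing egress allow-list before VNet integration is enabled. The following is an added example, not Nerdio or Microsoft code: the rule format (FQDN pattern plus a set of TCP ports), the names `covers`, `missing`, and `SAMPLE_RULES`, and the sample rules themselves are assumptions constructed for illustration.

```python
# Required FQDNs on TCP 443, taken from the table above. Rows with
# tenant-specific alternatives (Key Vault, Backend Access) and the Azure SQL
# row, which the page defers to a Microsoft article, are left out.
REQUIRED = [(host, 443) for host in (
    "nwp-web-app.azurewebsites.net", "*.applicationinsights.azure.com",
    "login.microsoftonline.com", "graph.microsoft.com", "login.windows.net",
    "management.azure.com", "api.github.com", "*.githubusercontent.com",
    "api.loganalytics.io", "api.applicationinsights.io",
)]


def covers(rule, required):
    """True if allow-rule pattern `rule` permits everything `required` names."""
    rule, required = rule.lower(), required.lower()
    if rule == required:
        return True
    if not rule.startswith("*."):
        return False  # a literal rule never covers another host or a wildcard
    suffix = rule[1:]  # "*.azure.com" -> ".azure.com"
    target = required[1:] if required.startswith("*.") else required
    return target.endswith(suffix)


def missing(rules, required=REQUIRED):
    """Return the required (fqdn, port) pairs that no allow rule covers."""
    return [(host, port) for host, port in required
            if not any(port in ports and covers(pattern, host)
                       for pattern, ports in rules)]


# Constructed sample allow-list (assumed format: pattern, set of TCP ports).
SAMPLE_RULES = [
    ("*.azurewebsites.net", {443}),
    ("*.azure.com", {443}),                # broader wildcard than required
    ("login.microsoftonline.com", {443}),
    ("graph.microsoft.com", {443}),
    ("login.windows.net", {80}),           # right host, wrong port
    ("api.github.com", {443}),
    ("raw.githubusercontent.com", {443}),  # literal, not the required wildcard
]

if __name__ == "__main__":
    for host, port in missing(SAMPLE_RULES):
        print(f"not allowed: {host}:{port}")
```

A broad rule such as `*.azure.com` satisfies the check but permits more than the table requires, so review any rule that is wider than the row it covers.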