VNet integration firewall requirements
When VNet integration is applied to the Nerdio Manager app, the network connectivity flow changes. In most cases, the subnet has outbound access restricted. To overcome that, the following addresses need to have access allowed for Nerdio Manager to work as required.
Note:
Azure Files storage connectivity is required for the Auto-scaling and FSLogix profile management features. See Harden Azure Storage Account for details.
When creating private endpoints, your source addresses can change, depending on the specific configuration. See Harden App Service for details.
Service tags are not applied or required for private endpoints.
Address |
Outbound TCP port |
Purpose |
Service tag |
|---|---|---|---|
*.azurewebsites.net |
443 |
Updating Nerdio Manager via the Automation account |
AzureAppService |
nwp-web-app.azurewebsites.net |
443 |
Nerdio Licensing Servers |
Internet |
nmwextensions.blob.core.windows.net |
443 |
Required for customer environments to call our hosted storage account and retrieve the scripts needed to install extensions. For details, see Manage VM Extensions with Nerdio Manager. |
Storage |
See Connectivity architecture for details. |
1433, 11000-11999 |
Azure SQL Services |
AzureSQL Please refer to the Microsoft article for specific tags. |
*.applicationinsights.azure.com |
443 | Application Insights |
ActionGroup, ApplicationInsightsAvailability, and AzureMonitor |
|
login.microsoftonline.com graph.microsoft.com |
443 | Authentication |
AzureIdentity |
login.windows.net |
443 |
AAD SQL Authentication |
|
|
*.azurewebsites.net - OR - [Explicit Web App URL] - AND/OR - [Custom Web App Address] |
443 | Back end access |
AzureAppService |
management.azure.com |
443 | AVD management |
AzureAppConfiguration |
api.github.com |
443 | Scripted Actions repository |
|
|
[Key Vault Name].vault.azure.net - OR - * vault.azure.net |
443 |
Key Vault access |
|
*.githubusercontent.com |
443 |
GitHub content access |
|
api.loganalytics.io |
443 |
API access for Log Analytics |
|
api.applicationinsights.io |
443 |
API access for Application Insights |
|
Comments (0 comments)