Configuring Azure Firewall

Asked 2 years ago, Updated 2 years ago, 46 views

Understanding Firewall Settings

Symptom: AzureVM Cannot Connect to Azure (Connect-AzAccount, Cannot Send Error)

How to Improve: Change Azure Firewall Settings

Source                       Protocol:Port   Destination type   Destination
"AzureVM Private IPAddress"  80,443          IP Address         *

The above settings have been newly added to Network Rules. I was able to connect to Azure. (Connect-AzAccount was successful.)

ASK:
If "*" is specified as the destination, I think that is dangerous for the safety of the Azure VM.
I would like to specify a minimum destination so that I can connect to Azure (Connect-AzAccount, Storage account, and Azure Backup).
Could you tell me about the destination settings?

azure

2022-09-29 21:51

2 Answers

If you want to use Azure PowerShell to manipulate storage accounts and backups, you can use Azure Firewall application rules to allow the following. (We have not verified the operation.)

  • login.microsoftonline.com
  • management.azure.com


2022-09-29 21:51
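
One way to express the suggestion in the answer above with Azure PowerShell, as an added example that is not part of the original answer. It assumes the firewall uses classic rules (not a Firewall Policy); the resource group, firewall name, VM IP, rule names and priority are placeholders.

```powershell
# Added example. All names and values below are placeholders/constructed.
$rgName = 'rg-example'   # hypothetical resource group
$fwName = 'fw-example'   # hypothetical Azure Firewall name
$vmIp   = '10.0.0.4'     # constructed value standing in for the VM's private IP

$fw = Get-AzFirewall -ResourceGroupName $rgName -Name $fwName

# 1. Report existing network rules whose destination is the "*" wildcard,
#    such as the 80,443 rule described in the question.
$wideOpen = foreach ($coll in $fw.NetworkRuleCollections) {
    foreach ($rule in $coll.Rules) {
        if ($rule.DestinationAddresses -contains '*') {
            [pscustomobject]@{
                Collection = $coll.Name
                Rule       = $rule.Name
                Source     = $rule.SourceAddresses -join ','
                Ports      = $rule.DestinationPorts -join ','
            }
        }
    }
}
$wideOpen | Format-Table -AutoSize

# 2. Application rule that allows HTTPS from the VM only to the two FQDNs
#    named in the answer.
$appRule = New-AzFirewallApplicationRule -Name 'Allow-AzLogin-ARM' `
    -SourceAddress $vmIp `
    -Protocol 'https:443' `
    -TargetFqdn 'login.microsoftonline.com', 'management.azure.com'

$appCollection = New-AzFirewallApplicationRuleCollection `
    -Name 'App-Azure-Management' `
    -Priority 200 `
    -ActionType 'Allow' `
    -Rule $appRule

# 3. Attach the collection to the firewall object and push the change.
$fw.ApplicationRuleCollections.Add($appCollection)
Set-AzFirewall -AzureFirewall $fw
```

Network rules are evaluated before application rules, so the FQDN allow-list only restricts traffic once the wildcard rule reported in step 1 has been removed. Endpoints for storage accounts and Azure Backup are not listed on this page and are not included here.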

I think there's something wrong with the premise.

Is it really the purpose of hitting Azure's API from the VM?

Because of the system's reasons, I don't understand the assumption that, for the VM hitting the API, it is "dangerous to be able to connect via HTTP/HTTPS other than Azure's". For example, how do you update the operating system or install software?

Apart from that, if you really want to block other communications, you can filter them by hostname.

Normally, it's better to use a URL-based filter with a proxy, but since proxy servers can access any site, they're likely to be called "dangerous", so you'll have to use a third-party firewall where you can write policies based on hostname.


2022-09-29 21:51
