Firewall Settings Related to Windows Azure Connect
Updated: April 25, 2013
The recommended way to implement cross-premises and hybrid scenarios is by using Windows Azure Virtual Network. Please see Windows Azure Virtual Network Overview for more information about Virtual Network.
In Windows Azure Connect, the firewall settings on local endpoints (local computers or VMs) are under your control. Windows Azure Connect uses HTTPS, which uses port 443. Therefore, the port that you must open on local endpoints is TCP 443 outbound. In addition, configure program or port exceptions needed by your applications or tools.
Note then when you install the local endpoint software, a firewall rule is created for Internet Control Message Protocol version 6 (ICMPv6) communication. This rule allows ICMPv6 Router Solicitation and Router Advertisement (Type 133 and Type 134) messages, which are essential to the establishment and maintenance of an IPv6 local link. Do not block this communication.
When you activate a role for Windows Azure Connect, the firewall settings for the role are configured automatically by Windows Azure. In addition to these firewall settings, you might need to configure program or port exceptions needed by your applications or tools. Otherwise, we recommend that you do not change the firewall settings on an activated role.