Firewall Settings
Network Security Group
After deploying the marketplace image of Web Filtering Proxy, we have a new Network Security Group that contains the following firewall rules for incoming connections.
Rule Name | Protocol | Port | Source | Destination | Action |
---|---|---|---|---|---|
Plain_Proxy | TCP | 8080 | Any | Any | Allow |
Secure_Proxy | TCP | 8443 | Any | Any | Allow |
The ports are the listening ports for standard conventional plain proxy 8080 and 8443 for secure proxy. Default rule for RDP access has also been added by Microsoft.
Go ahead and remove the Plain_Proxy firewall rule, from now on our proxy will only be accessible over port 8443. Note, we leave the source setting in Secure_Proxy rule as Any thus allowing anyone to connect to our proxy. If this is not desired, we could also limit the incoming connections from our public IP address only.
It is advised to allow incoming connections for RDP protocol from your public static IP only.
Windows Firewall
The built-in Microsoft Windows Firewall on the virtual machine also needs to be adjusted. By default, when Web Filtering Proxy is installed it adds several firewall rules that allow incoming connections from the private LAN scope only. As we are deploying the secure proxy in the cloud, we also need to allow connections to ports 8443 from any host as shown on the following screenshot.