Skip to content

Firewall Settings

Network Security Group

After deploying the marketplace image of Web Filtering Proxy, we have a new Network Security Group that contains the following firewall rules for incoming connections.

Rule Name Protocol Port Source Destination Action
Plain_Proxy TCP 8080 Any Any Allow
Secure_Proxy TCP 8443 Any Any Allow

The ports are the listening ports for standard conventional plain proxy 8080 (see previous tutorial) and 8443 for secure proxy. Default rule for RDP access has also been added by Microsoft.

Go ahead and remove the Plain_Proxy firewall rule, from now on our proxy will only be accessible over port 8443. Note, we leave the source setting in Secure_Proxy rule as Any thus allowing anyone to connect to our proxy. If this is not desired, we could also limit the incoming connections from our public IP address only.

Network Security Group Firewall Rules for Secure Proxy

It is advised to allow incoming connections for RDP protocol from your public static IP only.

Windows Firewall

The local built in Microsoft Windows Firewall on the virtual machine also needs to be adjusted. By default, when Web Filtering Proxy is installed it adds several firewall rules that allow incoming connections from the private LAN scope only. As we are deploying the secure proxy in the cloud, we also need to allow connections to ports 8443 from any host as shown on the following screenshot.

Built-in Windows Firewall Rules for Secure Proxy