Adjusting firewall configuration

Consideration

You can associate a custom application security group (ASG) or a custom network security group (NSG) with the temporary virtual machine that HYCU for Azure creates for data protection purposes. For instructions on how to do this, contact HYCU Customer Support.

Procedure

If you have Azure Firewall configured, you must adjust the firewall rules and open the required ports for HYCU for Azure to operate properly and protect your data:

| Purpose | Protocol | Destination | Port |
|---|---|---|---|
| Access to Azure Service Bus | TCP | hycu-dpaas-sb-prod.servicebus.windows.net | 5671 |
| Authorization | TCP | login.microsoftonline.com | 443 |
| Compute/networking | TCP | management.azure.com | 443 |
| Access to storage accounts [a] | TCP | <StorageAccountName>.blob.core.windows.net (Important: Using the Azure Storage service tag is recommended.) | 443 |

[a] If you are not using the Storage service tag, keep in mind the following:

  • You must open access to all storage accounts that you use when backing up data, creating copies of backup data, and archiving data.

  • Restoring individual files cannot be performed because a temporary storage account is created during the restore.

  • You must open access to the HYCU log storage account. To obtain the storage account name that is used for HYCU logs, contact HYCU Customer Support.

Important: Only if a custom firewall rule is applied. Traffic to the *.azure.com, *.core.windows.net, *.servicebus.windows.net, and *.microsoftonline.com endpoints must be allowed.
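An added example, not part of the HYCU documentation: a Python check that compares a set of firewall allow rules against the endpoints listed in the table above and reports which purposes are still blocked. The rule dictionaries are a simplified, constructed model (not an Azure export format), and examplebackupsa is a placeholder storage account name.

```python
from fnmatch import fnmatchcase

# Required outbound endpoints, copied from the table above.
# "examplebackupsa" is a constructed placeholder for <StorageAccountName>.
REQUIRED = [
    ("Access to Azure Service Bus", "TCP",
     "hycu-dpaas-sb-prod.servicebus.windows.net", 5671),
    ("Authorization", "TCP", "login.microsoftonline.com", 443),
    ("Compute/networking", "TCP", "management.azure.com", 443),
    ("Access to storage accounts", "TCP",
     "examplebackupsa.blob.core.windows.net", 443),
]

STORAGE_SUFFIX = ".blob.core.windows.net"

def rule_covers(rule, protocol, fqdn, port):
    """Return True if a single allow rule permits protocol/fqdn/port."""
    if rule["protocol"].upper() != protocol or port not in rule["ports"]:
        return False
    dest = rule["destination"].lower()
    if dest == "storage":
        # Assumption: a rule whose destination is the Storage service tag
        # covers every blob endpoint.
        return fqdn.endswith(STORAGE_SUFFIX)
    # Exact FQDN or wildcard pattern such as *.azure.com
    return fnmatchcase(fqdn.lower(), dest)

def missing_endpoints(rules, required=REQUIRED):
    """Return the purposes that no allow rule covers."""
    return [purpose for purpose, proto, fqdn, port in required
            if not any(rule_covers(r, proto, fqdn, port) for r in rules)]

# Constructed sample rule set: the Service Bus wildcard is allowed only on
# 443, so the required port 5671 is still blocked.
SAMPLE_RULES = [
    {"protocol": "TCP", "destination": "*.servicebus.windows.net", "ports": [443]},
    {"protocol": "TCP", "destination": "login.microsoftonline.com", "ports": [443]},
    {"protocol": "TCP", "destination": "*.azure.com", "ports": [443]},
    {"protocol": "TCP", "destination": "Storage", "ports": [443]},
]

if __name__ == "__main__":
    for purpose in missing_endpoints(SAMPLE_RULES):
        print("Not allowed by any rule:", purpose)
```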

If you employ HYCU Protégé in your environment, make sure to additionally adjust the firewall configuration as follows:

| Purpose | Protocol | Source | Destination | Port |
|---|---|---|---|---|
| HYCU Protégé [a] | TCP | HYCU backup controller IP address or host name | Firewall IP address | 443 |
| HYCU Protégé [a] | TCP | Firewall IP address | HYCU backup controller IP address or host name | 443 |

[a] The HYCU backup controller must have access to all storage accounts that are used when migrating data to and from Azure.