Azure Route-Based Site-To-Site VPN Port 445 Options

boldfaceal 6 Reputation points
2022-05-26T10:52:20.457+00:00

I have created a Site-To-Site VPN connection to Azure. The connection between my GW and the Azure GW is working.

The issue I have now is that I cannot connect to my file share using SMB. Test-Connection returns a message stating 445 is blocked.

I thought when having a Site-to-Site VPN connection that this would not be an issue, but apparently it still is?

The firewall on my Windows 11 client is off. The firewall on my router has been updated to allow incoming and outgoing connections on port 445.

My ISP does block 445, but again, I'm not sure if having the Site-To-Site VPN connection makes that irrelevant or not? If not, what else do I need to do to make SMB connections to my Azure File Share work?

Azure Files
An Azure service that offers file shares in the cloud.
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

2 answers

  1. Alan Kinane 16,786 Reputation points MVP
    2022-05-26T11:42:09.38+00:00

    I suspect the issue is that your test-connection is using the public endpoint for Azure Files so it is not trying to access over your VPN tunnel but instead routing over the Internet where your ISP is blocking it - you can maybe do a tracert to confirm.

    You will need to make sure that you have a private endpoint in place and DNS forwarding configured to route over your VPN. Here are some guides for this:

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-networking-endpoints?tabs=azure-portal

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-networking-dns

    Once configured then yes, the port 445 issue will not apply as you have said.

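The check suggested in the answer above, written out as an added example that is not part of the original thread: it resolves the file share's name, decides from the returned addresses whether SMB will use a private endpoint (through the VPN) or the public endpoint (over the Internet), then tests TCP 445. The storage account name is a placeholder, the function names are hypothetical, and it assumes the public Azure cloud name suffix and a virtual network that uses RFC 1918 address space.

```powershell
# Placeholder (assumption): replace with your own storage account name.
$StorageAccount = '<storage-account-name>'
$Fqdn = "$StorageAccount.file.core.windows.net"

function Test-Rfc1918Address {
    # True when the IPv4 address is in 10/8, 172.16/12 or 192.168/16.
    param([Parameter(Mandatory)][string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-SmbPathVerdict {
    # Decide which path SMB traffic takes from the addresses DNS returned.
    param([string[]]$Addresses)
    if (-not $Addresses) {
        return 'No IPv4 address returned: check the DNS forwarder'
    }
    $private = @($Addresses | Where-Object { Test-Rfc1918Address $_ })
    if ($private.Count -eq $Addresses.Count) {
        return 'Private endpoint: SMB goes through the VPN tunnel'
    }
    return 'Public endpoint: SMB goes over the Internet, where an ISP block on 445 applies'
}

# Constructed sample addresses (not from the thread) showing both outcomes offline.
Get-SmbPathVerdict -Addresses '10.1.0.4'       # private endpoint verdict
Get-SmbPathVerdict -Addresses '203.0.113.10'   # public endpoint verdict

# Live check: runs only once the placeholder above has been replaced.
if ($StorageAccount -notmatch '[<>]') {
    $ips = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } |
             ForEach-Object { $_.IPAddress })
    Get-SmbPathVerdict -Addresses $ips

    $t = Test-NetConnection -ComputerName $Fqdn -Port 445 -WarningAction SilentlyContinue
    "TCP 445 to $($t.RemoteAddress): $($t.TcpTestSucceeded)"
}
```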

  2. Carlos Solís Salazar 16,436 Reputation points
    2022-05-26T11:47:23.86+00:00

    Hi @boldfaceal

    Thank you for asking this question on the **Microsoft Q&A Platform**.

    All will depend on how you configure the Azure File Share.

    The storage account has its own firewall; you must check if the configuration of that firewall is correct.

    You can find the firewall configuration on the network blade.

    More information here https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fstorage%2Ffiles%2Ftoc.json&tabs=azure-portal

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

