Ability to add port ranges to DNAT rule

Dan 176

Hi,

Is it possible to add a range of ports to a DNAT rule with Azure firewall? We currently have a machine that required a large range of UDP ports to be open, and adding individual rules for each port will be rather unmanageable.

Thanks

3 answers

Bastiaan 6 Reputation points

2021-05-15T09:20:35.01+00:00

This really blows my mind. It's very common to have port ranges in DNAT situations. For example, we need to add an pasive FTP server. This requires an range of at least 1000 ports. We are now adding them as single rules, but this is so time consuming. Please add ranges like with NAT and NSG's.

The description of the field is "Destination Ports" while you have only one. :-(
Please sign in to rate this answer.

1 person found this answer helpful.
Rakesh Kumar 1 Reputation point

2021-11-16T22:47:12.403+00:00

You may like to use *

Marek Kurowski 21 Reputation points

2022-11-21T18:54:55.97+00:00

Cant use it in the translated port field :(
Sign in to comment
suvasara-MSFT 10,006 Reputation points

2020-09-14T13:21:00.273+00:00

Greetings,

You should be able to add multiple ports with a comma separation while creating a NAT rule in the Azure Firewall.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Best regards,
Subhash
Please sign in to rate this answer.
Dan 176 Reputation points

2020-09-15T10:42:48.617+00:00

@suvasara-MSFT thanks for the response, your screen shot looks as if it is referencing network rules not DNAT rules, also unfortunately due to the large range that we would be required to add, using commas would also not really be a suitable solution.

Thanks

suvasara-MSFT 10,006 Reputation points

2020-09-17T17:08:01.087+00:00

@Dan , Apologies for the delay in response. We do not have this feature yet. When creating DNAT rules, only single ports can be specified in the destination and translated port fields. You would need to create multiple rules within a NAT Rule Collection when multiple ports are needed. I would recommend you post this feature request here in this feedback section for its future availability.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Best regards,
Subhash

suvasara-MSFT 10,006 Reputation points

2020-09-29T11:18:32.34+00:00

@Dan , Just checking in to see if the above answer helped. If this answers your query, please don’t forget to "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Sign in to comment
Thomas, Philip 1 Reputation point

2020-11-13T22:46:38.797+00:00

Just have to ask @suvasara-MSFT , what is the recommended way of handling DNAT's that require a range of ports?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment