Azure Web App access to on-premise file server

Question

Hello,

I have an Azure Web app connected to a VNet that includes a Virtual Network Gateway that sets a S2S connection to an on-premise network. The Vnet DNS server is set with an on-premise DNS server.

How is it possible to reach a file server hosted on-premise ? It does not work when I try to get \fileshare\example\photo.jpg from app service. Is it possible ? If yes, how to do so ?

Thank you

Bertrand Pons

Answer 1

anonymous user have a look at https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances. It states

Customer-managed DNS servers (on-premises domain controller, local read-only domain controller, or a DNS secondary synced using zone transfers, for example). See Name resolution using your own DNS server.

You'll have to setup a custom DNS server that will forward the queries to your on-prem DNS.

Answer 2

According to: https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/internet-firewalls-prevent-browsing-file-sharing
The following protocols and ports are required to access the files:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

And according to: https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox
Regardless of address, applications cannot connect to anywhere using ports 445, 137, 138, and 139. In other words, even if connecting to a non-private IP address or the address of a virtual network, connections to ports 445, 137, 138, and 139 are not permitted.

And therefore I guess it is technically not possible to access the file share (unless the file share could run on different ports which I guess is technically as well not possible).