How do I allow Azure Relay traffic through my firewall?

Frank Cottos 0 Reputation points
2023-07-11T12:46:44.24+00:00

I have an Azure App Service that uses an Azure Relay to call a RESTful service on a local machine. A new firewall has been put in place and I am now getting "Bad Gateway" errors. Port 443 is open. Azure is showing that the Relay is up and connected.

Internet Request to App Service wsdl --> Relay --> local IIS wsdl

I believe the inbound traffic is getting blocked or redirected, but don't know how to prove that.

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. TP 68,431 Reputation points
    2023-07-11T14:57:40.31+00:00

    Hi Frank,

    Is the new firewall you put in place performing some sort of TLS inspection for outbound traffic? My thought is, your previous firewall may have been allowing the outbound 443 traffic from your internal IIS server without any application-layer inspection.

    Please check on your new firewall if you can add some sort of an exception rule for your internal IIS server's IP so that its outbound 443 connection to Azure Relay servers is not inspected/interfered with at all. If possible, make this change and then test (restart and confirm the link comes up). Exempt the IP from session timeouts or similar as well if possible.

    Thanks.

    -TP
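
One way to test the TLS-inspection theory from the answer above, as an added example that is not part of the original thread: run a TLS handshake from the IIS server to the Relay endpoint and compare the certificate issuer with the one seen from a network that does not pass through the new firewall. The hostname `your-namespace.servicebus.windows.net` is a placeholder, the baseline issuer organisation is something you record yourself off-network, and the sample certificates are constructed.

```python
import socket
import ssl

def issuer_fields(cert):
    """Flatten the 'issuer' RDN tuples returned by ssl.getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def probe(host, port=443, timeout=10):
    """TLS handshake from this machine, verified against the system trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"status": "ok", "issuer": issuer_fields(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # Chain ends in a CA this machine does not trust (or the name does not match).
        return {"status": "untrusted", "detail": exc.verify_message, "issuer": {}}
    except OSError as exc:
        # Refused, reset, timed out, or the handshake was cut off mid-way.
        return {"status": "unreachable", "detail": str(exc), "issuer": {}}

def assess(result, baseline_org):
    """Compare this machine's view with the issuer seen from an uninspected network."""
    if result["status"] == "unreachable":
        return "BLOCKED"
    if result["status"] == "untrusted":
        return "UNTRUSTED_CHAIN"
    seen = result["issuer"].get("organizationName", "")
    # Compare the organisation only; intermediate CA common names can rotate.
    if seen.casefold() != baseline_org.casefold():
        return "REISSUED"
    return "MATCHES_BASELINE"

# Constructed sample data, shaped like real results; not captured from any network.
SAMPLE_PEERCERT = {"issuer": ((("countryName", "US"),),
                              (("organizationName", "Example Public CA Inc"),),
                              (("commonName", "Example Public TLS CA 01"),))}
SAMPLE_INSPECTED = {"status": "ok", "issuer": {
    "organizationName": "Example Corp IT",
    "commonName": "Example Corp Firewall Inspection CA"}}

if __name__ == "__main__":
    baseline = "Example Public CA Inc"  # issuer organisation noted off-network
    clean = {"status": "ok", "issuer": issuer_fields(SAMPLE_PEERCERT)}
    print(assess(clean, baseline), assess(SAMPLE_INSPECTED, baseline))
    # Live check, run on the IIS server (hostname is a placeholder):
    # print(probe("your-namespace.servicebus.windows.net"))
```

A `REISSUED` or `UNTRUSTED_CHAIN` verdict means the certificate was re-signed somewhere on the path, which is the evidence to take to the firewall team when asking for the inspection exemption; `MATCHES_BASELINE` points away from TLS inspection and toward timeouts or other filtering.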