ISP Eastlink Canada Blocking SMB port 445

Hani Abuelkhair 0 Reputation points
2023-09-26T12:10:46.6233333+00:00

We are trying to upload data from local server to Azure and we are facing issue that the ISP blocking the SMB TCP 445 protocol

The ISP is saying nothing wrong from the connection, but when we connect to LTE the SMB works with no issues.

Any suggestion ?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,114 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. JimmySalian-2011 42,171 Reputation points
    2023-09-26T20:47:09.73+00:00

    Hi Hani,

    How is the network connection between the Onpremise and Azure Expressroute or VPN? Can you use Network Watcher to monitor the connectivity - https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create?tabs=portal

    Also check the connectivity tests tools you can use and check the status of the Circuit if it is ER.

    https://learn.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-expressroute-overview

    Hope this helps.

    JS

    ==

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

    0 comments No comments

  2. Sumarigo-MSFT 45,786 Reputation points Microsoft Employee
    2023-09-27T17:07:26.0766667+00:00

    @Hani Abuelkhair Welcome to Microsoft Q&A Forum, Thank you for posting your query.

    I assume you are using Azure File share in your scenario to upload the data to Azure Storage

    Cause 1: Port 445 is blocked: Refer to the suggestion mentioned in this article

    Check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet.

    Azure Files only allows connections using SMB 3.0 (with encryption support) from outside the region or datacenter. SMB 3.0 protocol has introduced many security features including channel encryption which is very secure to use over internet. However its possible that port 445 has been blocked due to historical reasons of vulnerabilities found in lower SMB versions. In ideal case, the port should be blocked for only for SMB 1.0 traffic and SMB 1.0 should be turned off on all clients.

    If you have ever been blocked using Azure Files due to your ISP's port 445, you can setup a Point to Site VPN to your Azure Files. Refer to the suggestions mentioned in the GitHub article

    You can mount the file share on your local machine by using the SMB 3.0 protocol, or you can use tools like Storage Explorer to access files in your file share. From your application, you can use storage client libraries, REST APIs, PowerShell, or Azure CLI to access your files in the Azure file share.

    Additional information: Use a different protocol: If your ISP is blocking SMB, you can try using a different protocol to upload data to Azure. For example, you can use HTTPS or FTPS to upload data to Azure Blob Storage. You can also use Azure File Sync to synchronize files between your local server and Azure Files.

    Use a VPN: If your ISP is blocking SMB, you can try using a VPN to connect to Azure. A VPN will encrypt your traffic and make it more difficult for your ISP to block specific protocols. You can set up a VPN gateway in Azure and connect to it from your local server.

    Use a different network: If your ISP is blocking SMB, you can try using a different network to upload data to Azure. For example, you can use a different ISP or connect to a public Wi-Fi network.

    Please let us know if you have any further queries. I’m happy to assist you further.     


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.