How to disable or secure port 8443 exposed on Azure VPN Gateway public IP?

Vijay Harsha 0 Reputation points
2025-06-19T13:17:38.91+00:00

We are using an Azure VPN Gateway (VpnGw2AZ) and noticed during an external pentest that port 8443 is exposed on the gateway’s public IP. The report flags this as a medium-severity issue due to the availability of a web-based admin interface accessible over the internet.

We understand this port may be used by Azure internally, but we would like to:

• Confirm why port 8443 is open and what it's used for.
• Understand if there is a supported method to disable or restrict access to this port.
• Ensure this setup complies with security best practices, or get official documentation to support the exposure if it’s required.


1 answer

  1. Praveen Bandaru 5,520 Reputation points Microsoft External Staff Moderator
    2025-06-19T21:46:05.0833333+00:00

    Hello Vijay Harsha

    It appears you're dealing with the exposure of port 8443 on your Azure VPN Gateway and seeking clarification on its purpose and ways to secure it. Here's what you need to know:

    Port 8443 is typically used for secure web-based management interfaces for Azure VPN Gateways and other services. Azure may use this port internally, which is why it remains open by default.

    While you can't completely disable port 8443 on the Azure VPN Gateway, as it's necessary for certain operations, you can take measures to restrict access to it:

    • Use Network Security Groups (NSGs) to create inbound rules that limit which IP addresses can access this port. This way, only trusted sources within your organization could access it.
    • Implement Azure Private Link to access Azure services privately without exposing them to the public internet.
    • Consider Azure Bastion for secure RDP/SSH connection management if you're also managing VMs.

    Security Best Practices: To ensure compliance with security best practices:

    • Regularly review your Network Security Groups and monitor access.
    • Ensure all default settings meet your security requirements.
    • Utilize Microsoft Defender for Cloud to continuously monitor your resources for potential vulnerabilities.

    Refer to the document below for more understanding:

    https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/vpn-gateway-security-baseline


    Hope the above answer helps! Please let us know if you have any further queries.

    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
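
For the NSG review step mentioned in the answer above, the following is an added example (not part of the original thread and not Microsoft's code) that evaluates an exported NSG rule list the way Azure orders rules by priority and reports whether inbound TCP 8443 from the internet is allowed or denied. The rule names and addresses are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample rules, in the shape of `az network nsg show --query securityRules`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-8443-trusted", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "8443"},
 {"name": "deny-8443-internet", "priority": 200, "direction": "Inbound", "access": "Deny",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["8000-8500"]},
 {"name": "allow-https-any", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]""")

# Source values that mean "anyone on the internet" (compared case-insensitively).
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def port_matches(spec, port):
    """True if an NSG port spec ('*', '8443' or '8000-8500') covers the port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def internet_exposure(rules, port=8443):
    """Return (access, rule name) of the first internet-wide inbound TCP rule for port."""
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if r["protocol"].lower() not in ("tcp", "*"):
            continue
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        if not any(port_matches(p, port) for p in ports):
            continue
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in INTERNET_SOURCES for s in sources):
            continue  # narrower source (e.g. a trusted CIDR): not an internet-wide verdict
        return r["access"], r["name"]
    return "Deny", "DenyAllInBound (default)"  # Azure's default inbound deny rule

if __name__ == "__main__":
    print(internet_exposure(SAMPLE_RULES))
```

Microsoft's VPN Gateway documentation states that NSGs on the GatewaySubnet are not supported, so confirm that guidance before relying on a rule set like this for the gateway itself.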
