Is It Possible to open a port to a domain?

Question

We have an IIS webserver hosted in Azure and trying to forward its logs to our SIEM. In order for our webserver to talk to our SIEM, we have to open port 443 outbound to a couple of domains example.com and abc.com (this is just an example).

However, as I take a look, I don't see a way to open port 443 outbound to the 2 domains. Is it possible to do this?

Answer 1

Hello @Nina G ,

NSGs/ASGs cannot help here, the best course of action is to leverage Azure Firewall. Reference: tutorial-firewall-deploy-portal-policy
Follow the instructions from the above document link and this is the section, where you define the rules.

Configure an application rule:
This is the application rule that allows outbound access to www.google.com.

• Open the Test-FW-RG, and select the fw-test-pol firewall policy.
• Select Application rules.
• Select Add a rule collection.
• For Name, type App-Coll01.
• For Priority, type 200.
• For Rule collection action, select Allow.
• Under Rules, for Name, type Allow-Google.
• For Source type, select IP address.
• For Source, type 10.0.2.0/24.
• For Protocol:port, type http, https.
• For Destination Type, select FQDN.
• For Destination, type www.google.com
• Select Add.

Please "Accept as Answer" and Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.

Answer 2

IIS 8 and above support multiple HTTPS sites on port 443 if you properly configure SNI certificate mappings, https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability