question

boldfaceal-5565 avatar image
0 Votes"
boldfaceal-5565 asked soysoliscarlos answered

Azure Route-Based Site-To-Site VPN Port 445 Options

I have created a Site-To-Site VPN connection to Azure. The connection between my GW and the Azure GW is working.

The issue I have now is that I cannot connect to my file share using SMB. Test-Connection returns a message stating 445 is blocked.

I thought when having a Site-to-Site VPN connection that this would not be an issue, but apparently it still is?

The firewall on my Windows 11 client is off. The firewall on my router has been updated to allow incoming and outgoing connections on port 445.

My ISP does block 445, but again, I'm not sure if having the Site-To-Site VPN connection makes the irrelevant or not? If not, what else do I need to do to make SMB connections to my Azure File Share work?

azure-vpn-gatewayazure-files
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlanKinane avatar image
0 Votes"
AlanKinane answered

I suspect the issue is that your test-connection is using the public endpoint for Azure Files so it is not trying to access over your VPN tunnel but instead routing over the Internet where your ISP is blocking it - you can maybe do a tracert to confirm.

You will need to make sure that you have a private endpoint in place and DNS forwarding configured to route over your VPN. Here's some guides for this:

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-endpoints?tabs=azure-portal

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-dns

Once configured they yes, the port 445 issue will not apply as you have said.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

soysoliscarlos avatar image
0 Votes"
soysoliscarlos answered

Hi @boldfaceal-5565

Thank you for asking this question on the Microsoft Q&A Platform.

All will depend on how you configure the Azure File Share,

The storage account has its own firewall, you must check if the configuration of that firewall is correct,

You can find the firewall configuration on the network blade.

More information here https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fstorage%2Ffiles%2Ftoc.json&tabs=azure-portal

Hope this helps,
Carlos Solís Salazar


Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.