Azure Ports

  Outbound ports that have to be opened for Azure development
  The following list represents protocols and output ports needed by Azure developers.
Action Domain Protocol Port Description
Management Portal ? HTTP/S (?) ? Using the Silverlight Management App
Custom domain

This is the default for most RDP listeners.
RDP 3389 Remote Desktop connection to VMs
Publish from VS * Http/s + ? ? Blob domain for package upload for access of management api
Webdeploy *

Reference to Web Deploy on Port 8172
Http/s 8172 Webdeploy from within Studio
SQL Management *

Port 8443 The Database Management API is a REST API. All operation requests are sent encrypted over the Secure Sockets Layer (SSL) and authenticated using X.509 v3 certificates.

Database Management API requests can be initiated from within Windows Azure, or directly over the internet from any application that can send HTTPS requests and receive HTTPS responses.

All requests are sent to the SQL Azure Database Management Service on port 8443 using the following base URL:
TDS 1433 Manage SQL from Management Studio
Upload into Storage * Http/S 80/443 Push data into Azure Storage
Service Bus Relay TCP Mode *

from the developers guide below
“The relay service only requires a few outbound ports to be open, specifically ports 9350, 9351, 9352, 9353, depending on the features you choose to use, and the standard HTTP ports 80/443.

It uses ports 9350 for one-way TCP connections and port 9351 for one-way TCP/SSL connections.

They use ports 9352 and 9353 for bidirectional TCP connections and a more advanced connectivity mode we’ll discuss later.

It’s important to note that you don’t have to open any inbound ports on your firewall or perform any kind of port mapping on your NAT/router device in order to use the relay service.”

A Developer’s Guide to the Service Bus Developer's Guide to Service Bus in Windows Azure AppFabric.docx#
SB over TCP 9350, 9351, 9352, 9353 Listeners on Service Bus Relay over TCP (requires 443 for Access Control token acquisition)
Service Bus Relay HTTP Mode * SB over HTTP 80 Listeners on Service Bus Relay over HTTP (requires 443 for Access Control)
Service Bus Publish Subscribe * SBMP over TCP 9354 Service Bus Queue and Topic clients over TCP (in CTP)
Service Bus Pubsub over REST * HTTPS 443 Service Bus Queue/Topic/Message Buffer over REST
Access Control *                  

Illustrates Access Control Service and SharePoint and Port 443

What you can do with port 443 By using Windows Azure AppFabric Access Control with SharePoint I can allow users to authenticate not only by Windows Live ID and Active Directory but also Google, Yahoo! and Facebook!

HTTPS 443 Token acquisition and management for Access Control
AppFabric Cache *

Session State Provider for Windows Azure Caching The Windows Azure session state provider is an out-of-process storage mechanism for ASP.NET applications. This provider enables you to store your session state in an Windows Azure cache rather than in-memory or in a SQL Server database.
NETTCP 22233 Cache access (out-of-DC access makes sense for external replication into cache)


  How to Configure a Windows Azure Port
How to Configure a Windows Azure Port
Setting Up a Hosted Service for Windows Azure
Overview of Setting Up a Hosted Service for Windows Azure
How to Configure the Site Entry in the Service Definition File

Download for Azure SDK

Comments (4)

  1. SP says:

    Should we open any specific IP or IP range from our office network? Our office firewall set up need to have a source ip (which we have) and destination IP or range with port. So in that case what should be the destination ip or rang?? thanks

  2. Nicolás says:

    Thanks! but I have to say that you have the most freaky meme like header. :o)

  3. Alex says:

    It would really help if anyone could answer SP's question: what is the IP range to open FWs?

    * and * are cool, but since IPs of the service may change anytime, what is the range to use?

  4. Paul says:

    Replace * with and use this IP.

Skip to main content