Application Proxy Network and Firewall Ports, IPs, URLs


Diagram

  • Network Ports
    • 80, 443 outbound traffic
    • If the firewall enforces traffic according to the originating user
      • Open traffic from Windows Services (Network Services)
    • DNS Whitelist
      • net
      • windows.net
      • or allow Azure IP Datacenter (update every week)
    • Certificate Verification
    • Registration process
      • windows.net
      • microsoftonline.net
    • Application Proxy Port Test Tools
    • https://aadap-portcheck.connectorporttest.msappproxy.net/
    • Connector Group: (publish applications on separate networks and locations.)
      • Default
    • Additional settings
      • Backend Application Timeout (Default)
        • Set to Long if the application is slow to authenticate and connect.
      • Translate URLs in Headers (Default: Yes)
        • Set to No if the app requires the original host header in the authentication request.
      • Translate URLs in Application Body (Default: No)
        • Set to Yes if the app has hardcoded HTML links to other on-premises applications and you don’t use custom domains.
  • Allow the following URL or IP:
    • DNS White List
      • msappproxy.net
      • servicebus.windows.net
      • or allow Azure IP Datacenter (update every week)
    • Certificate Verification
      • mscrl.microsoft.com:80
      • crl.microsoft.com:80
      • ocsp.msocsp.com:80
      • www.microsoft.com:80
    • Registration Process
      • login.windows.net
      • login.microsoftonline.net

  • Also, make sure to open the following Network Ports to Outbound Traffic:
    • Port 80: Downloading certificate revocation lists (CRLs) while validating the SSL certificate
    • Port 443: All outbound communication with the Application Proxy service
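
An added example (not from the original page and not Microsoft's code): a small Python audit that checks a proposed egress allowlist against the endpoints and ports listed above and reports what is still uncovered. The rule syntax, the sample allowlist, port 443 for the hosts the page lists without a port, and the treatment of msappproxy.net and servicebus.windows.net as domain suffixes are assumptions.

```python
from typing import NamedTuple

class Req(NamedTuple):
    purpose: str
    name: str
    port: int
    suffix: bool = False  # assumption: subdomains of `name` must be reachable

# Hostnames and the :80 ports come from the page. Port 443 for the others is an
# assumption based on the page's port list ("all outbound communication").
REQUIRED = [
    Req("DNS whitelist", "msappproxy.net", 443, suffix=True),
    Req("DNS whitelist", "servicebus.windows.net", 443, suffix=True),
    Req("Certificate verification", "mscrl.microsoft.com", 80),
    Req("Certificate verification", "crl.microsoft.com", 80),
    Req("Certificate verification", "ocsp.msocsp.com", 80),
    Req("Certificate verification", "www.microsoft.com", 80),
    Req("Registration", "login.windows.net", 443),
    Req("Registration", "login.microsoftonline.net", 443),
]

def parse_rules(text):
    """Parse 'host-or-*.domain:port' lines ('*' = any port); '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            host, _, port = line.rpartition(":")
            rules.append((host, None if port == "*" else int(port)))
    return rules

def covers(rule, req):
    """True if one allow rule permits the required endpoint on its port."""
    pattern, port = rule
    if port is not None and port != req.port:
        return False
    if pattern.startswith("*."):
        base = pattern[2:]
        return req.name.endswith("." + base) or (req.suffix and req.name == base)
    return pattern == req.name and not req.suffix  # exact host cannot satisfy a suffix

def audit(text):
    """Return the required endpoints that no allow rule covers."""
    rules = parse_rules(text)
    return [r for r in REQUIRED if not any(covers(rule, r) for rule in rules)]

# Constructed sample allowlist (hypothetical firewall export, not from the page).
SAMPLE = """
*.msappproxy.net:443
servicebus.windows.net:443   # exact host only, subdomains stay blocked
*.microsoft.com:80
ocsp.msocsp.com:443          # wrong port for revocation checks
login.microsoftonline.net:443
"""
```

Calling `audit(SAMPLE)` flags the exact-host rule for servicebus.windows.net, the OCSP rule on the wrong port, and the absent login.windows.net entry.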