Configuring network security group settings - BlueCat Address Manager - 8.3.0

BlueCat Azure Virtual Appliances
prodname
BlueCat Address Manager
version_custom
8.3.0

Define firewall rules that control the traffic for your instance and configure network security groups to the interfaces of your BlueCat Azure VM.

Add rules to allow specific traffic to reach your instance as needed. BlueCat recommends the following minimum set of firewall rules for Address Manager and BlueCat DNS for Microsoft Azure:
  • SSH port 22
  • Custom TCP Rule with port number 123 for NTP (inbound only)
  • Custom TCP Rule with port number 161 for SNMP (inbound only)
  • Custom TCP Rule with port number 10042 for secure management and connectivity between BlueCat DNS for Microsoft Azure and Address Manager
  • Custom Any Rule with port number 53 for DNS
    Note: For more information on using network security groups to filter traffic on Azure Virtual Networks, refer to https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg.
    Note: For more information about BlueCat appliance service ports, refer to "Appendix A: Network Requirements" in the Address Manager Administration Guide.
BAM BDDS
  • HTTP or HTTPS
  • SSH
  • Custom TCP Rule with port number 10045 for notifications
  • SSH
  • Custom TCP Rule with port number 123 for NTP (inbound only) and 161 for SNMP (inbound only)
  • Custom TCP Rule with port number 10042 for secure management and connectivity between DNS/DHCP Servers and Address Manager
  • Custom Any Rule with port number 53 for DNS

To define network security group settings to your BlueCat Azure virtual appliance:

  1. Log in to the Azure Portal.
  2. Click Virtual Machines in the left-nav.
  3. From the list of virtual machines, click the name of the virtual machine you wish to configure with a network security group.
  4. Under Settings, click Networking.
  5. Click one of the interfaces of your BlueCat Azure VM, for example azure-bdds-nic-eth0. The Network Interface page opens.
  6. Under Settings, click Network security group.
  7. Click Edit then choose a Network Security Group or select None.
  8. Click Save.
    Note: OPTIONAL: you can also configure a network security group on subnets. This will propagate the network security group settings to all interfaces on that subnet.

Repeat this task for additional interfaces.