Configuring network security group settings - BlueCat Address Manager - 8.3.2

BlueCat Azure Virtual Appliances

BlueCat Address Manager

Define firewall rules that control the traffic for your instance and configure network security groups to the interfaces of your BlueCat Azure VM.

Add rules to allow specific traffic to reach your instance as needed. BlueCat recommends the following minimum set of firewall rules for BlueCat DNS for Microsoft Azure:
  • SSH port 22
  • Custom TCP Rule with port number 123 for NTP (inbound only)
  • Custom TCP Rule with port number 161 for SNMP (inbound only)
  • Custom TCP Rule with port number 10042 for secure management and connectivity between BlueCat DNS for Microsoft Azure and Address Manager
  • Custom Any Rule with port number 53 for DNS
    Note: For more information on using network security groups to filter traffic on Azure Virtual Networks, refer to
    Note: For more information about BlueCat appliance service ports, refer to "Appendix A: Network Requirements" in the Address Manager Administration Guide.

To define network security group settings to your BlueCat Azure virtual appliance:

  1. Log in to the Azure Portal.
  2. Click Virtual Machines in the left-nav.
  3. From the list of virtual machines, click the name of the virtual machine you wish to configure with a network security group.
  4. Under Settings, click Networking.
  5. Click one of the interfaces of your BlueCat Azure VM, for example azure-bdds-nic-eth0. The Network Interface page opens.
  6. Under Settings, click Network security group.
  7. Click Edit then choose a Network Security Group or select None.
  8. Click Save.
    Note: OPTIONAL: you can also configure a network security group on subnets. This will propagate the network security group settings to all interfaces on that subnet.

Repeat this task for additional interfaces.