Creating TMG Firewall Rules for Azure Service Bus

As Mexia starts doing more and more Azure work, I am getting asked more frequently about firewall rules for accessing the Azure Service Bus.

At first this seemed a weird question to me, since all communication with Azure Service Bus is outbound traffic. But more and more companies are restricting outbound traffic lately; for example, the default Microsoft Threat Management Gateway (TMG) outbound rule only allows ports 80 and 443.

So for my own reference, and for others who may get asked the same question, here are the steps to create a TMG outbound firewall rule for Azure Service Bus:

In the TMG Management Console under Web Access Policy, we need to define the network object that represents our BizTalk or Windows Server that needs to access Service Bus (SB).

We also need to create a Protocol rule that defines the SB traffic, TCP 9350 to 9354.

We then need to create the Web Access Policy for Azure Service Bus.

Protocols HTTP, HTTPS and the ServiceBus Protocols we defined earlier

The Source of the Traffic we defined earlier

The destination of the traffic, in our case the external interface on our TMG Server

Once the Web Access Policy is created, you will have to activate the change on the TMG Server.

The new Web Access Policy is now active, and your BizTalk or Windows Server will now have access to the Azure Service Bus.
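
To confirm the rule from the BizTalk or Windows Server itself, the following added example (not part of the original post) attempts a TCP connection on each port the policy allows. The namespace host name is a placeholder to replace with your own, and `Test-TcpPort` is a helper name made up for this sketch.

```powershell
# Added example: check outbound reachability of Service Bus through TMG.
# $Namespace is a placeholder; replace it with your own Service Bus namespace host.
param(
    [string]$Namespace = 'your-namespace.servicebus.windows.net',
    [int]$TimeoutMs = 3000
)

# Ports allowed by the policy above: HTTP, HTTPS and the SB range TCP 9350-9354.
$ports = @(80, 443) + (9350..9354)

# Hypothetical helper: uses TcpClient directly so it also runs on older
# servers that do not have the Test-NetConnection cmdlet.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'        # no answer within the timeout
        }
        $client.EndConnect($async)  # throws if the connection was refused or reset
        return 'Open'
    }
    catch {
        return 'Failed'             # refused, reset, or the name did not resolve
    }
    finally {
        $client.Close()
    }
}

# One result object per port, so the output can be filtered or exported.
$results = foreach ($port in $ports) {
    New-Object PSObject -Property @{
        Host   = $Namespace
        Port   = $port
        Result = Test-TcpPort -HostName $Namespace -Port $port -TimeoutMs $TimeoutMs
    }
}

$results | Select-Object Host, Port, Result | Format-Table -AutoSize
```

A port that does not report `Open` may be blocked by the firewall or may simply not be answered by that endpoint, so compare the result with the TMG log for a denied connection from this server before changing the rule.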