Azure Files - Firepower Threat Defense 2130

I have a request to open access to Azure Files via my FTD2130.

 

Running into a couple issues.

 

1st, URL-based rules don't work with ports other than 80/443 - this has long been a hangup, and was confirmed by TAC, which makes for a quite crippled system.

 

2nd, I have a rule blocking SMB, mandated by management, due to EternalBlue and other vulnerabilities.

 

I'm trying to craft a rule that would allow this out, but seem to be hitting limitations.

 

Can I allow the application NetBIOS-ssn (SMB) to a select destination URL?  Since we're looking at the Azure platform, IP-based rules aren't going to work out.

 

Any other suggestions?


Peter Koltl
Level 7

You have to add the IP-list of Azure Files to the firewall rule.

https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20200210.xml

Note that the protocol you need is SMB (aka CIFS aka microsoft-ds) on TCP port 445, which is not netbios-ssn.

 

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-overview#securing-access-from-on-premises
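
An added example, not part of the original thread or the reply above: one way to turn the published Azure IP-range XML into a compact prefix list for a TCP/445 allow rule, restricted to the regions that host the storage account. The XML layout (`Region Name=...` elements containing `IpRange Subnet=...`), the region names and the prefixes are assumptions in a constructed sample; the file lists ranges per region, not per service, so the resulting rule is broader than Azure Files alone.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of the PublicIPs XML.
# Region names are made up; prefixes are RFC 5737 documentation ranges.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="198.51.100.0/25" />
    <IpRange Subnet="198.51.100.128/25" />
    <IpRange Subnet="203.0.113.0/26" />
    <IpRange Subnet="not-a-prefix" />
  </Region>
  <Region Name="useast">
    <IpRange Subnet="192.0.2.0/24" />
  </Region>
</AzurePublicIpAddresses>
"""

def region_prefixes(xml_text, regions):
    """Return (collapsed networks, rejected strings) for the named regions."""
    wanted = {r.lower() for r in regions}
    nets, rejected = [], []
    for region in ET.fromstring(xml_text).iter("Region"):
        if region.get("Name", "").lower() not in wanted:
            continue  # keep the SMB exception as narrow as the regions in use
        for ip_range in region.iter("IpRange"):
            subnet = ip_range.get("Subnet", "")
            try:
                nets.append(ipaddress.ip_network(subnet, strict=True))
            except ValueError:
                rejected.append(subnet)  # never pass unparsed text to the firewall
    # Merge adjacent/overlapping prefixes per IP version so the object stays small.
    merged = [n for v in (4, 6)
              for n in ipaddress.collapse_addresses(x for x in nets if x.version == v)]
    return merged, rejected

def is_covered(address, nets):
    """True if the address falls inside one of the allowed networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in n for n in nets)

if __name__ == "__main__":
    nets, rejected = region_prefixes(SAMPLE_XML, ["europewest"])
    print("\n".join(str(n) for n in nets))  # one CIDR per line for import
    print("rejected entries:", rejected)
```

The published ranges change over time, so the list has to be regenerated from the current file and the rule's network object updated on a schedule.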
