Configure firewall rules for the Virtual Machine
Add these firewall rules on the virtual machine you deployed to allow nodes to enroll in Lighthouse.
Talk to your organizational security team for any additional configuration required when adding these rules.
- Ensure that you have completed the steps in Create a virtual machine.
- Navigate to the virtual machine you created in step 1.
  Note: You can either click the Go to resource button immediately after the virtual machine is created, or you can navigate to Azure Services, click the Virtual Machines icon and then click the virtual machine.
- In the left menu for the virtual machine, expand Networking, and then click Network settings.
  Note: Your public IP address is listed at the top of the page.
- Configure the following rules:
  Note: To add each rule, click the Create port rule button and click Inbound port rule from the list that appears.
  - Add a rule to allow UDP connections from any source to port 1194 on the instance's internal network address (10.0.0.x).
  - Add a rule to allow UDP connections from any source to port 1195 on the instance's internal network address (10.0.0.x).
  - Confirm that HTTPS and SSH are allowed from the initial setup. If not, add them.
  - You may require other ports open, depending on feature usage. For example:
    - SNMP (UDP/161 or TCP/161) – SNMP Management
    - OpenVPN (UDP/1195) – Lighthouse Multiple Instance VPN
    - HTTPS (TCP/8443) – Alternate REST API port
- Return to the Virtual Machines page and select the virtual machine.
- Complete the steps in Check endpoints in Lighthouse.
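The same inbound rules can be created from the Azure CLI instead of the portal. The script below is an added example, not part of the Opengear Lighthouse documentation or of Azure's tooling; it assumes a resource group named lh-rg, a network security group named lh-nsg and a VM private address of 10.0.0.4 (override them with the LH_RG, LH_NSG and LH_VM_IP variables). The two Lighthouse VPN ports (UDP 1194 and 1195) are left open to any source, as the steps above require, because enrolling nodes come from arbitrary addresses; the management ports (SSH, HTTPS, SNMP, 8443) take their source from LH_ADMIN_SRC so they can be narrowed to your administrative ranges rather than the whole Internet. By default the script only prints the az commands; set LH_APPLY=1 to execute them.

```shell
#!/bin/sh
# Added example (not from the Lighthouse docs or Azure): emit the
# 'az network nsg rule create' commands for the inbound rules listed above.
# Assumed names: resource group lh-rg, NSG lh-nsg, VM private IP 10.0.0.4.

RG="${LH_RG:-lh-rg}"
NSG="${LH_NSG:-lh-nsg}"
VM_IP="${LH_VM_IP:-10.0.0.4}"
# Source prefix for management ports; '*' mirrors the portal default,
# a CIDR such as 203.0.113.0/24 limits them to your admin network.
ADMIN_SRC="${LH_ADMIN_SRC:-*}"

# Required rules: name protocol port source-prefix description.
# UDP 1194/1195 must stay open to any source so nodes can enroll.
lighthouse_rules() {
  cat <<EOF
lh-vpn-enroll  Udp 1194 *           Lighthouse VPN enrollment
lh-vpn-multi   Udp 1195 *           Lighthouse Multiple Instance VPN
lh-https       Tcp 443  $ADMIN_SRC  Web UI and REST API
lh-ssh         Tcp 22   $ADMIN_SRC  Administrative SSH
EOF
}

# Optional rules, only needed when the corresponding feature is used.
lighthouse_optional_rules() {
  cat <<EOF
lh-snmp-udp    Udp 161  $ADMIN_SRC  SNMP management
lh-snmp-tcp    Tcp 161  $ADMIN_SRC  SNMP management
lh-rest-alt    Tcp 8443 $ADMIN_SRC  Alternate REST API port
EOF
}

# Read a rule table on stdin and print (or, with LH_APPLY=1, run) one
# 'az network nsg rule create' per row. Priorities start at $1 and step
# by 10 so rules created in one pass never collide.
render_rules() {
  prio="$1"
  while read -r name proto port src desc; do
    if [ -z "$name" ]; then continue; fi
    cmd="az network nsg rule create --resource-group $RG --nsg-name $NSG \
--name $name --priority $prio --direction Inbound --access Allow \
--protocol $proto --source-address-prefixes '$src' --source-port-ranges '*' \
--destination-address-prefixes $VM_IP --destination-port-ranges $port \
--description '$desc'"
    if [ "${LH_APPLY:-0}" = "1" ]; then
      eval "$cmd"
    else
      echo "$cmd"
    fi
    prio=$((prio + 10))
  done
}

# Sanity check: number of commands a rule table on stdin would produce.
count_rules() { render_rules 1000 | grep -c '^az network nsg rule create'; }

# Dry run of the required rules; append lighthouse_optional_rules as needed.
lighthouse_rules | render_rules 1000
```

Run it once without LH_APPLY, review the printed commands (in particular the source prefixes on the SSH and HTTPS rules), then re-run with LH_APPLY=1 after logging in with az login. Because each rule is scoped to the VM's private address rather than to any destination, the rules do not accidentally cover other VMs that later share the same NSG.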