

While recently working on moving an FTP server (using Passive FTP) from on-premises to Azure, I needed to expose the FTP server to the internet via an Azure External Load Balancer. I thought it would be good to put together a step-by-step guide on setting up the load balancer, configuring the FTP server on the backend, and setting the Network Security Group rules associated with the FTP server.

In this example, the FTP server will be running on IIS, and it is assumed that there is no Azure Firewall/NVA associated with the VNET that is hosting the FTP server. Suppose your environment does have an Azure Firewall/NVA. In that case, there will be an additional Azure resource needed: an Azure Route Table with a 0.0.0.0/0 route out to the internet, associated with the subnet where the FTP server is hosted. This is required in order to route the outbound traffic back out to the internet. If this is not done, the outbound FTP traffic will die on the Azure Firewall/NVA.

I won't be going into the details of the FTP server configuration here. I will just be going over the FTP firewall settings and setting the Data Channel Port (Passive FTP Ports). Below is how the FTP server is configured to support the external load balancer.

On the IIS server settings – FTP Firewall Support is where you define the Data Channel Port Range. The site level is where you configure the public IP address of the external load balancer. As you see in the screenshot below, the public IP of the external load balancer is configured.

Configuring an Azure External Load Balancer for FTP is straightforward. One thing to note with Passive FTP is that all the Data Channel ports for FTP must be defined in the load balancing rules. If you define ports 5000-5100, there will be 100 load balancing rules, one for each data channel port. I recommend keeping the number of passive ports to a minimum since Azure External Load Balancers do not support a port range.

Azure Public IP – this will be configured as the load balancer's front-end IP.
FTP Port requirements for inbound traffic and public IP address(es) of the client(s) that will be accessing the FTP server.

Search for Azure Load Balancer in the search bar in the Azure Portal.
Define the following parameters then select Next: Frontend IP configuration.
Select Add a frontend IP Configuration, define the following parameters.
Select Review + create – we will go over the configuration of the remaining items of the Load Balancer after it has been deployed.

Configuration of the Azure External Load Balancer

I will now go over the configuration of the Azure Load Balancer. This will detail how the Backend pool, Health probes, Load balancing rules, and Outbound rules are configured.

As you see in the screenshot below, the frontend IP is defined by the rules associated with the front end. After additional load balancing rules are added I will review the frontend configuration again.

The backend pool configuration is how you associate a virtual machine with the load balancer.

I have created an FTP Health probe for port 21. I will also be using this health probe for my FTP data channel ports. You can make a health probe for each data channel port.

I have the port 21 load balancing rule already configured but need to add the FTP data channel ports that I have defined in FTP Firewall (5000-5002).

Name: I like to give it the name of the port number; in this example, I will use 5000.
Frontend IP address: Select your Frontend IP Config – FEIP.
Backend Pool: Select your backend pool – BEP-01.
Outbound source network address translation (SNAT): (Recommended) Use outbound rules to provide backend pool members access to the internet.

Here is the full set of Load Balancing rules:

There is a requirement to create an outbound rule for the back-end resource to be able to reach out to the internet.

The final step in configuring this solution is configuring the inbound rules for the NSG. The rule should have TCP port 21 and the data channel ports defined in your FTP firewall (in my case, this would be 5000-5002).
