IIS/HTTP Endpoint on Azure VM (non-classic)

9
votes

With the classic Azure VMs, one set up IIS on an Azure VM and then went to the (old) portal and set up an HTTP endpoint for it. On the new VMs, this is apparently done through the Network Security Group in the (new) portal as described here:

How I add new endpoints to my VM on new azure portal (preview)?

However, I can't seem to find how to actually set up an HTTP endpoint... the only available protocols seem to be TCP or UDP.

enter image description here

What settings do I need here to allow http connections to IIS on the VM? I tried source: any; protocol: any; source port range: *; destination: any; destination port range: 80; action: allow, but am still not able to make an external connection to the server's IP on 80 (RPD works fine and internal tests via localhost work fine).

This VM has a public IP and has a disable firewall during this testing/setup phase.

Note: this is a barebones VM provision with a default IIS role set up and the VM using the default network security group: it's not part of a larger IaaS setup.

2
azureiisazure-virtual-machine

2 Answers

15
votes

Found it. Should be using TCP as the protocol rather than Any:

enter image description here

1
votes

Note that when you create a VM through the portal, it gets associated with a network security group (NSG). A rule to allow RDP or SSH (depending on the operating system) is created in the NSG. To allow any other traffic, you need to explicitly create a NSG rule.

If a NSG is not associated with the VM or its subnet, all ports are open. So you don't actually need to explicitly allow traffic. If you do put an allow, however, you do need to make sure it's TCP and not any :)