You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/logic-apps/connect-virtual-network-vnet-isolated-environment.md
+5-12Lines changed: 5 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -81,25 +81,18 @@ To make sure that your ISE is accessible and that the logic apps in that ISE can
81
81
82
82
* If you created a new Azure virtual network and subnets without any constraints, you don't need to set up [network security groups (NSGs)](../virtual-network/security-overview.md#network-security-groups) in your virtual network to control traffic across subnets.
83
83
84
-
*On an existing virtual network, you can *optionally* set up NSGs by [filtering network traffic across subnets](../virtual-network/tutorial-filter-network-traffic.md). If you want to go this route, or if you're already using NSGs, make sure that you [open the ports described in this table](#network-ports-for-ise)on the virtual network where you have NSGs or want to set up NSGs.
84
+
*For an existing virtual network, you can *optionally* set up [network security groups (NSGs)](../virtual-network/security-overview.md#network-security-groups) to [filter network traffic across subnets](../virtual-network/tutorial-filter-network-traffic.md). If you want to go this route, or if you're already using NSGs, make sure that you [open the ports described in this table](#network-ports-for-ise)for those NSGs.
85
85
86
-
> [!NOTE]
87
-
> If you use [NSG security rules](../virtual-network/security-overview.md#security-rules),
88
-
> you need to use *both* the TCP and UDP protocols. NSG security rules describe the ports
89
-
> that you must open for the IP addresses that need access to those ports. Make sure that
90
-
> any firewalls, routers, or other items that exist between these endpoints also keep those
91
-
> ports accessible to those IP addresses.
86
+
When you set up [NSG security rules](../virtual-network/security-overview.md#security-rules), you need to use *both* the **TCP** and **UDP** protocols. NSG security rules describe the ports that you must open for the IP addresses that need access to those ports. Make sure that any firewalls, routers, or other items that exist between these endpoints also keep those ports accessible to those IP addresses.
92
87
93
88
<aname="network-ports-for-ise"></a>
94
89
95
90
### Network ports used by your ISE
96
91
97
-
This table describes the ports in your Azure virtual network that your ISE uses and where those ports get used. To help reduce complexity when you create security rules, the [service tags](../virtual-network/service-tags-overview.md)in the table represent groups of IP address prefixes for a specific Azure service.
92
+
This table describes the ports that your ISE requires to be accessible and the purpose for those ports. To help reduce complexity when you set up security rules, the table uses [service tags](../virtual-network/service-tags-overview.md)that represent groups of IP address prefixes for a specific Azure service. Where noted, *internal ISE* and *external ISE* refer to the [access endpoint that's selected during ISE creation](connect-virtual-network-vnet-isolated-environment.md#create-environment). For more information, see [Endpoint access](../logic-apps/connect-virtual-network-vnet-isolated-environment-overview.md#endpoint-access).
98
93
99
94
> [!IMPORTANT]
100
-
> Source ports are ephemeral, so make sure that you set them to `*` for all rules. Where noted, internal ISE and external ISE refer to the
101
-
> [endpoint that's selected at ISE creation](connect-virtual-network-vnet-isolated-environment.md#create-environment).
102
-
> For more information, see [Endpoint access](../logic-apps/connect-virtual-network-vnet-isolated-environment-overview.md#endpoint-access).
95
+
> For all rules, make sure that you set source ports to `*` because source ports are ephemeral.
103
96
104
97
#### Inbound security rules
105
98
@@ -118,7 +111,7 @@ This table describes the ports in your Azure virtual network that your ISE uses
118
111
| Access Azure Cache for Redis Instances between Role Instances |**VirtualNetwork**| * |**VirtualNetwork**| 6379 - 6383 | And, for ISE to work with Azure Cache for Redis, you must also open these [outbound and inbound ports described by the Azure Cache for Redis FAQ](../azure-cache-for-redis/cache-how-to-premium-vnet.md#outbound-port-requirements). |
119
112
|||||||
120
113
121
-
#### Outbound
114
+
#### Outbound security rules
122
115
123
116
| Purpose | Source service tag or IP addresses | Source ports | Destination service tag or IP addresses | Destination ports | Notes |
0 commit comments