Skip to content

Commit b445773

Browse files
Merge pull request #223756 from dknappettmsft/avd-private-link-port-range-clarification
AVD private link port range clarification
2 parents cfe15b2 + 5261a2b commit b445773

File tree

1 file changed

+6
-4
lines changed

1 file changed

+6
-4
lines changed

articles/virtual-desktop/private-link-setup.md

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ title: Set up Private Link for Azure Virtual Desktop preview - Azure
33
description: How to set up Private Link for Azure Virtual Desktop (preview).
44
author: Heidilohr
55
ms.topic: how-to
6-
ms.date: 12/06/2022
6+
ms.date: 01/12/2023
77
ms.author: helohr
88
manager: femila
99
---
@@ -105,7 +105,7 @@ To configure Private Link in the Azure portal:
105105

106106
1. In the **Virtual Network** tab, make sure the values in the **Virtual Network** and **subnet** fields are correct.
107107

108-
1. In the **Private IP configuration** field, choose whether you want to dynamically or statically allocate IP addresses from the subnet you selected in the previous step. <!--What's the difference between these two and why should I choose each?-->
108+
1. In the **Private IP configuration** field, choose whether you want to dynamically or statically allocate IP addresses from the subnet you selected in the previous step.
109109

110110
- If you choose to statically allocate IP addresses, you'll need to fill in the **Name** and **Private IP** for each listed member.
111111

@@ -166,8 +166,10 @@ Follow the directions in [Tutorial: Filter network traffic with a network securi
166166

167167
When you set up your NSG, you must configure it to allow both the URLs in the [required URL list](safe-url-list.md) and your private endpoints. Make sure to include the URLs for Azure Monitor.
168168

169-
>[!NOTE]
170-
>If you intend to restrict network ports from either the user client devices or your session host VMs to the private endpoints, you will need to allow traffic across the entire TCP dynamic port range of 1 - 65535 to the private endpoint for the host pool resource using the *connection* sub-resource. If you restrict ports to the endpoint, your users may not be able to connect successfully to Azure Virtual Desktop.
169+
> [!NOTE]
170+
> If you intend to restrict network ports from either the user client devices or your session host VMs to the private endpoints, you will need to allow traffic across the entire TCP dynamic port range of 1 - 65535 to the private endpoint for the host pool resource using the *connection* sub-resource. The entire TCP dynamic port range is needed because port mapping is used to all global gateways through the single private endpoint IP address corresponding to the *connection* sub-resource.
171+
>
172+
> If you restrict ports to the private endpoint, your users may not be able to connect successfully to Azure Virtual Desktop.
171173
172174
## Validate your Private Link deployment
173175

0 commit comments

Comments
 (0)