Windows Azure Service Bus AMQP Firewall Ports

(moved from petermannerhultsitblog.wordpress.com – originally dated October 23, 2014 )

Today I would like to share an addition to the documentation for Windows Azure Service Bus. I will start by explaining the different types of errors that you may receive and the different modes to connect to the service bus.

Azure Service Bus is meant to be able to connect in-most-cases without doing any firewall edits which is true in most cases if you use default settings which is similar to

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.AutoDetect;

Which will first try to connect through TCP and then fail over to

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Http; //Force Http only

to try to connect to your Azure Service Bus. And the HTTP Mode will outgoing TCP ports for port 80 (HTTP) and 443 (SSL) which will be open on most corporattions.

The HTTP mode is however (much??) slower than the TCP mode so it could be useful in trying to use TCP mode instead. And this is where it is not certain that the Firewall settings on your Corporation will allow it.

Try to set the Service Bus System Connectivity (in the code to)

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;

and you may very well get an exception like

Microsoft.ServiceBus.Messaging.MessagingException: No connection could be made because the target machine actively refused it

This indicates a firewall issue. You should then look at opening some TCP ports for outgoing Communication.

If you look at the Microsoft documentation at

http://msdn.microsoft.com/en-us/library/azure/ee706729.aspx

they will say that you need to open ports TCP communication on TCP ports 9350 to 9354. And it will solve the firewall issue.


If you however want to run according to the AMQP standard by adding

;TransportType=Amqp

to the Connection string you may get firewall issues again. This time Microsoft instructs you to open outgoing TCP traffic to port 5672. This is however not enough as indicated by this log entry

System.Net.Sockets Information: 0 : [8856] Socket#31534420 – Created connection from 192.168.33.238:20285 to 94.245.88.192:5671.

It also needs the AMQPS port 5671 (Secure AMQP) port. So the documentation should really require both ports 5671 and 5672 to be open for AMQP Communication.

Advertisements

One thought on “Windows Azure Service Bus AMQP Firewall Ports

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s