Azure Cloud Services and the Windows Firewall

When using Azure Cloud Services, you choose which ‘endpoints’ to open (probably by editing the configuration in Visual Studio). Each endpoint opens a port on the Azure Load Balancer and directs that traffic to your Web / Worker Roles.

When you configure these endpoints, the Windows Firewall on the server is also configured to open the same ports. However, these ports are not fully opened; instead, they are opened only to ‘System’.

If you start a socket listener from a startup task or from your code, this seems to be fine. However, if the listener is a Windows Service or similar, the firewall does not let the traffic through, and the port appears blocked.

To overcome this, add a command like this to your startup task to open the port completely.

netsh advfirewall firewall add rule name="my rule" dir=in localport=12345 protocol=TCP action=allow
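
A startup task runs every time the role starts, and netsh will add a second rule with the same name rather than replace the first. The script below is an added example, not from the original post: it wraps the command above so it can be re-run safely and can optionally limit the rule to one executable. The file name startup.cmd, the SERVICE_EXE variable and the log file name are assumptions for illustration.

```batch
@echo off
rem startup.cmd (added example; names and paths here are assumptions).
rem Must run elevated: set executionContext="elevated" on the Task element
rem in ServiceDefinition.csdef, otherwise netsh cannot change firewall rules.
setlocal
set "RULE_NAME=my rule"
set "PORT=12345"
rem Optional: full path to the Windows Service executable (hypothetical value
rem goes here). Leave empty to open the port to any program, as in the post.
set "SERVICE_EXE="

rem "show rule" returns a non-zero exit code when no rule matches the name.
rem If a rule from an earlier role start exists, delete every copy of it so
rem repeated runs do not pile up duplicate rules.
netsh advfirewall firewall show rule name="%RULE_NAME%" >nul 2>&1
if not errorlevel 1 (
    netsh advfirewall firewall delete rule name="%RULE_NAME%" >nul
)

rem Add the inbound allow rule. With program= set, only that executable may
rem receive traffic on the port; without it, any listener on the port can.
if defined SERVICE_EXE (
    netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in protocol=TCP localport=%PORT% program="%SERVICE_EXE%" action=allow
) else (
    netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in protocol=TCP localport=%PORT% action=allow
)
if errorlevel 1 (
    echo Failed to add firewall rule "%RULE_NAME%" 1>&2
    exit /b 1
)

rem Record the resulting rule so the configuration can be checked later.
netsh advfirewall firewall show rule name="%RULE_NAME%" verbose >> "%TEMP%\firewall-startup.log" 2>&1
exit /b 0
```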