As Mexia starts doing more and more Azure work, I am getting asked more frequently about firewall rules for accessing the Azure Service Bus.

At first this seemed a weird question to me, since communicating with Azure Service Bus is all outbound traffic. But more and more companies are restricting outbound traffic lately; for example, the default Microsoft Threat Management Gateway (TMG) outbound rule only allows ports 80 and 443.

So for my own reference, and for others who may get asked the same question, here are the steps for creating a TMG outbound firewall rule for Azure Service Bus:

In the TMG Management Console, under Web Access Policy, we need to define the network object that represents the BizTalk or Windows Server that needs to access Service Bus (SB).

We also need to create a Protocol rule that defines the SB traffic: TCP 9350 to 9354.

We then need to create the Web Access Policy for Azure Service Bus, with the following settings:

Protocols: HTTP, HTTPS and the Service Bus protocols we defined earlier.

Source: the source of the traffic we defined earlier.

Destination: the destination of the traffic, in our case the external interface on our TMG Server.

Once the Web Access Policy is created, you will have to activate the change on the TMG Server.

The new Web Access Policy is now active, and your BizTalk or Windows Server will now have access to the Azure Service Bus.
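
To confirm the rule from the BizTalk or Windows Server itself, the following is an added example (not part of the original post) that attempts an outbound TCP connection on 80, 443 and 9350 to 9354. The function name and the namespace host name are placeholders, and it assumes the server's outbound traffic is routed through the TMG Server.

```powershell
# Added example: outbound reachability check for the ports in the TMG rule.
# Test-ServiceBusOutbound is a hypothetical helper name, not a built-in cmdlet.
# It uses System.Net.Sockets.TcpClient so it also runs on older PowerShell
# versions that do not have Test-NetConnection.
function Test-ServiceBusOutbound {
    param(
        [Parameter(Mandatory = $true)][string]$Namespace,
        [int[]]$Ports = (@(80, 443) + (9350..9354)),
        [int]$TimeoutMs = 3000
    )
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $open   = $false
        $detail = ''
        try {
            # Start the connect and wait at most $TimeoutMs for it to finish.
            $async = $client.BeginConnect($Namespace, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)   # throws on refusal or DNS failure
                $open = $true
            } else {
                $detail = "timed out after $TimeoutMs ms"
            }
        } catch {
            $detail = $_.Exception.Message
        } finally {
            $client.Close()
        }
        # One result object per port, so the output can be filtered or logged.
        New-Object PSObject -Property @{
            Port   = $port
            Open   = $open
            Detail = $detail
        } | Select-Object Port, Open, Detail
    }
}

# Placeholder host name: replace YOUR-NAMESPACE with your own namespace.
Test-ServiceBusOutbound -Namespace 'YOUR-NAMESPACE.servicebus.windows.net' |
    Format-Table -AutoSize
```

An Open value of True shows the whole path to that port works. A False result only shows that the connection did not complete, so check the TMG logs for the matching denied connection before changing the rule.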