Allow inbound 443 from the Internet to Bastion subnet
Hi Azure team,
Thanks for bringing such a great feature to us! :D
As per https://docs.microsoft.com/en-us/azure/bastion/bastion-nsg and our own test, we need to allow inbound port 443 from the Internet to the Bastion subnet. From my understanding, the Bastion instance is only making connections from/to the Azure portal. Is there any reason we need to open 443 to the Internet, instead of some tag like “AzureCloud”?
Mike Wedderburn-Clarke (CSA) commented
Hi Tim, the 443 connection is actually from client to Bastion. You can see this by doing a netstat on the local machine when you've made the connection. This is great because it also allows you to restrict Bastion access based on source IPs by modifying the NSG on the Bastion subnet.
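
The source-IP restriction described in the comment above can be checked against an exported rule list. The following is an added example, not part of the original thread or of any Azure tooling: it walks NSG rules in priority order and reports which sources can reach inbound TCP 443. The rule names, addresses and the `https_sources` helper are assumptions made for illustration; the field names follow the JSON printed by `az network nsg rule list`.

```python
# Constructed sample in the shape of `az network nsg rule list` output. Names and
# addresses are made up (203.0.113.0/24 is a documentation range), and this is not a
# complete Bastion NSG: the other rules the linked doc requires are left out.
SAMPLE_RULES = [
    {"name": "AllowHttpsFromOffice", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
     "destinationPortRange": "443"},
    {"name": "DenyAllInbound", "priority": 4000, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
    {"name": "AllowHttpsFromInternet", "priority": 4096, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "destinationPortRange": "443"},  # shadowed by the deny above
]

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the single-value and list-valued forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = spec.partition("-")
        if spec == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def https_sources(rules, port=443):
    """Return (sources allowed to reach inbound TCP `port`, open_to_internet)."""
    allowed = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound":
            continue
        if rule["protocol"].lower() not in ("tcp", "*") or not _covers_port(rule, port):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if rule["access"].lower() == "deny":
            if ANY_SOURCE & {s.lower() for s in sources}:
                break  # catch-all deny: lower-priority rules are never reached
            continue  # assumption: narrower denies are not subtracted here
        allowed.extend(s for s in sources if s not in allowed)
    return allowed, bool(ANY_SOURCE & {s.lower() for s in allowed})
```

Calling `https_sources` on the parsed rule list of the NSG attached to the Bastion subnet shows whether 443 is still reachable from any address or only from the listed prefixes.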