Trying to open LDAP port on Azure FW but it just plain won't open

Adriaan Cilliers 1 Reputation point
2024-10-31T07:56:02.9733333+00:00

Hi everyone,

Please excuse my lack of knowledge here as I am trying to learn as I go. I have a Synology NAS device at my office that I would like to connect with my Azure AD so that I can pass authentication for sharing permissions to the NAS. I am trying to open the LDAP port on the Azure firewall but it simply fails to open. I've tried using specific IPs of my site and my Azure public IP, and I've even tried to make it any/any on port 389, but to no avail. I have confirmed that my firewall onsite has the port open so the issue cannot be on my end. I also use a web port checker online against my Azure server IP to check if the port is open/closed and can confirm it stays solid closed all the time.

I feel like I've hit a brick wall. Please can you help?

Gratitude.

Adrian

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.

1 answer

  1. KapilAnanth-MSFT 47,206 Reputation points Microsoft Employee
    2024-11-04T11:02:42.03+00:00

    @Adriaan Cilliers ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I am afraid I did not understand your requirement and architecture.

    Wrt Entra,

    • Azure AD (Entra) is not part of Azure Virtual Network
      • From your OnPrem NAS device, any traffic destined to the Entra ID should not ideally reach the Azure VNET
    • Are you using Microsoft Entra Domain Services (AD DS)?
      • Is this taking care of the LDAP part?
    • Is your configuration similar to LDAP authentication with Microsoft Entra ID?
    • Is this a new set up? If so, was there any Azure documentation you followed to set this up?
      • The above doc explains use of LDAP for resources in a VNET, but not for resources in the OnPrem
    • Or is this an old set up that resulted in this recently?

    Wrt Azure Firewall,

    • I see you are using Azure Firewall
      • Correct me if I am wrong
    • May I ask what exactly you mean by "open the ldap port on the azure firewall"?
      • As long as you create a Network Rule, traffic should be allowed via Azure Firewall
      • Do you actually see the traffic getting blocked?
      • Or you do not see the traffic at all?

    Cheers,

    Kapil
