![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 19%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
685 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Hello
Azure Arc is agent-based, so your Azure Arc enabled servers have an agent installed that will communicate/connect over 443 outbound (from the agent on the server) to your tenant/azure arc instance in Azure. If nothing specific is specified as inbound (i don't know any Azure Arc extension that does) it is all handled trough the outbound connection from the Agent on the server. This will handle evaluation of configurations and policy compliance for the server and deploy them if they do not match what is specified in Azure.
For more in-depth information about the agent
https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-overview
For more in-depth about the network parts
https://learn.microsoft.com/en-us/azure/azure-arc/servers/network-requirements?tabs=azure-cloud
But like stated above you most likely only have to worry about the agent being able to communicate outbound on 443 to you Azure (internet) :)
Hope this is helpful and remember shared knowledge is the best knowledge 😊
Best Regards,
Timmy Malmgren
If the Answer is helpful, please click "Accept Answer" and upvote it as it helps others to find what they are looking for faster!