| title | description | author | ms.author | ms.date | ms.topic |
|---|---|---|---|---|---|
Firewall settings for Azure Lab Services |
Learn how to determine the public IP address of VMs in a lab so information can be added to firewall rules. |
emaher |
enewman |
02/01/2022 |
how-to |
Each organization or school will configure their own network in a way that best fits their needs. Sometimes that includes setting firewall rules that block Remote Desktop Protocol (RDP) or Secure Shell (SSH) connections to machines outside their own network. Because Azure Lab Services runs in the public cloud, some extra configuration maybe needed to allow students to access their VM when connecting from the campus network.
Each lab uses single public IP address and multiple ports. All VMs, both the template VM and student VMs, will use this public IP address. The public IP address won’t change for the life of lab. Each VM will have a different port number. The port numbers range is 49152 - 65535. If using the April 2022 Update (preview), the port ranges for SSH connections are 4980-4989 and 5000-6999. The port ranges for RDP connections are 4990-4999 and 7000-8999. The combination of public IP address and port number is used to connect educators and students to the correct VM. This article will cover how to find the specific public IP address used by a lab. That information can be used to update inbound and outbound firewall rules so students can access their VMs.
Important
Each lab will have a different public IP address.
Note
If your school needs to perform content filtering, such as for compliance with the Children's Internet Protection Act (CIPA), you will need to use 3rd party software. For more information, read guidance on content filtering with Lab Services.
The public IP addresses for each lab are listed in the All labs page of the Lab Services lab account. For directions how to find the All labs page, see View labs in a lab account.
:::image type="content" source="./media/how-to-configure-firewall-settings/all-labs-properties.png" alt-text="Screenshot of the all labs page of a lab account.":::
Note
You won’t see the public IP address if the template machine for your lab isn’t published yet.
Now we know the public IP address for the lab. Inbound and outbound rules can be created for the organization's firewall for the public IP address and the port range 49152 - 65535. Once the rules are updated, students can access their VMs without the network firewall blocking access.
- As an admin, enable labs to connect your vnet.
- As an educator, work with your admin to create a lab with a shared resource.