I am new to Qliksense and Azure. We have installed Qliksense in Azure Virtual machine. Trying to access the Qliksense hub/QMC URL (https://xxx.intranet.myclient.com/hub) from the internet/outside the azure Network, but was unsuccessful. The url is working well in the intranet.
Azure VM has a private ip address.
Created inbound rules in NSG(Network Security group) at Azure to open ports 443,80, 4244.
2.Created firewall inbound rule in VM server to open ports 80, 443, 4244, 4243, 4248, 4242
Added the url to the host white list at the virtual proxy side in Qlik QMC
May I know what wrong am doing or what I am missing here?
Firstly, If you want to access qlik url to work from the internet, you need a public IP address attached to the Azure VM or load balancer service like Azure application gateway in front of Azure VM with a public IP address. Refer to this. If you have no public IP address, you can directly deploy one and attach to the VM network interface on the Azure portal. Try to restart the Azure VM or refresh VM.
Then, make sure you have a DNS map which is pointing FQDN xxx.intranet.myclient.com to your VM public IP address. You can try to access the Qliksense hub/QMC URL like https://PublicIPaddress/hub first.
Also, you can run the command netstat -anbo as the administrator in the CMD to check if the port is listening on Qliksense service. Try to telnet or Test-NetConnection the Qliksense URL before you access the Qliksense URL on the remote machine.
If the above all are no effect, you can look at this. Let me know if this works.
Related
i have a Question about an Azure SQL Server and the Azure Firewall.
I have configured the Azure SQL Server with Private Endpoints. The Network Hub and Spoke are with peerings connected.
The Private DNS Zone is linked to both Virtual Networks.
The Public Access is disabled on the Azure SQL Server.
No i would like to Use Azure Firewall Rules to Connect from External (WWW) trough the Azure Firewall the Azure SQL Server with Management Studio.
I can find nothing to this Scenario.
I have to tried it with "DNAT / Application NAT / Network Nut" but nothing works.
is it even possible to reach the SQL Database over the Public through the Firewall when the public Access is disabled on the SQL Database?
Thanks a lot.
Regards,
Phil
I tried to reproduce to reproduce the same and tried "DNAT / Application / Network rule it work fine:
I have created a firewall rule with firewall policy like below:
Added application rule:
Network rule:
DNAT rule:
Check your source ip should be your virtual network subnet
Use destination address as the public ip of your firewall and port and translated port as 3389
Translated Address should be your virtual machine private ip address
Then, Go to virtual machine -> Networking -> click on network interface -> under setting DNS server -> custom
Add your destination server 209.244.0.3, 209.244.0.4 same like below:
Make sure to Restart your virtual machine and try to connect remote desktop with you firewall public ip.
After restart when I try to connect with my external www.google.com it works successfully like below:
You can refer my previous answer to connect sql server to access private endpoints.
The Problem is solved.
It workes only when i connect with the Azure SQL Server FQDN and it dont works with other FQDNs for Example CNAMES etc...
I must to edit my Hosts File on the local Machine and Point the FQDN from the SQL Server to the Public IP Address of the Azure Firewall.
On my DNAT Rule i check the Public IP of the Firewall and forward it to the FQDN or the Private IP from the Private Endpoint (both oft this works).
After this the DNAT Rule works and i can connect to the Firewall when i diable the public Access on the Azure SQL Server Firewall directly.
Regards,
Phil
So I'm using an Azure VM that has a public IP address, and I've opened an inbound port, let's say it's 5555.
What I'm trying to do now is to run an application on the VM that has an API via localhost, also with the port 5555. I'm calling it then with public_ip:5555/api/...
Since I was not able to connect to the application from outside, is there something missing here? Most tutorials and resources I've found just mentioned opening the port.
Thanks.
Take a look at Azure's IP Flow Verify utility, which will check your NSG rules to ensure traffic can reach your VM. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
If traffic is reaching your VM, check your host firewall and then your application server logs.
I have a flask server hosted on my azure vm.
if __name__ == '__main__':
app.run(debug=True, host="127.0.0.1", port=4400)
On vm, I can access the server via the address 127.0.0.1:4400
Now I want to be able to access this server from outside the vm i.e. my local computer.
I have already added the inbound security rule as below:
I have also added the same inbound rule on the VM's firewall on port 4400
Still I am unable to access the flask server via publicIP:4400 (publicIP is the public IP of my VM as displayed on the azure portal)
What could be the issue?
For your issue, there are two possible reasons.
You must listen to the IP 0.0.0.0 so that it's possible to access from the Internet. The 127.0.0.1 is just a loopback IP for the test in the localhost. So 4c74356b41 is right in this way.
If you also cannot access the app from the Internet when you change the IP into 0.0.0.0. Then it must be the rules issue. You should check your VM networking if it's the same NSG for your subnet and NIC. If not, add the rule to allow the port 4400 in both NSGs. Then you also should check if the public IP is associated directly with your VM, or it's associated with the load balancer and your VM is just in the backend of the load balancer. If it's a load balancer, you still need to add the load balancer rule to allow the port 4400.
Take a check for the two possible reasons.
I followed the documentation guide here to configure an Azure DNS zone for a virtual network.
I then created a virtual machine on that virtual network and provisioned a virtual network gateway to allow my Azure web apps to communicate with the virtual machine using VNet integration. My web apps are then able to resolve against the virtual machines private IP as expected.
I then created an 'A' type record set within the DNS zone resolving a service name against the private IP of the virtual machine just like here.
However, when I then attempt to access the DNS configured service name that should resolve against the private IP address of the virtual machine, I get the following error:
curl: (6) Could not resolve host: xxxx.local
Am I missing something obvious here?
I can not reproduce this error following your steps:
Create an Azure VNet with a DNS private zone like private.test.com.
Create a VM and a VPN gateway on that VNet.
Enable VNet integration with my Azure web app service.
My web apps are able to resolve against the virtual machines private IP as expected. This could verify the Azure private DNS zone should work. Then I also create an A record for a custom name against the VM private IP address. Both scenarios work.
You could check if an A record is something like below picture in the private DNS zone.
Then you could verify if curl with http:// or without that, or without the specific port 9200, the error is still the same.
I suggest using SET WEBSITE_DNS_ command. This command will output the current DNS server that is being used by the web app. If the error Environment variable WEBSITE_DNS_ not defined is received, no custom DNS servers are configured for the web app. See more details about networking Related Commands for Azure App Services.
I've been running the free trial and am trying to point of my name cheap domain to the vm web site I have created.
I covered the server Ip.
Here are my namecheap settings for the domain.
The covered Ip is the same as above..
Here are my IIS settings
Change the Hostname to my actual domain.
I've also disabled Windows firewall and added port 80 and 443 in the security app hooked to the Azure VM. I can't seem to connect to the website at all. Am I missing something? I've been troubleshooting for hours and cant find anything except basic tutorials and how to do it on the Classic Azure portal.
thank you.
If you are using V1 (old portal/classic) Azure VM resources, then you need to open up the endpoint on the cloud services. All VMs exist as part of a Cloud Service.
From the new portal,
Select the VM (Classic)
Settings
Endpoints
Add the required port (make sure public port is the one you want to use, say 80, and the internal port is the one IIS is listening for)
If you are using V2 resources, you need to add a public IP to your VM before it can be reached from the outside world.
From the new portal
Click on the VM
Open settings
Select Network Interfaces
Select IP Address
Enable public IP (and add a PIP)
Keep in mind that in Azure, all IPs are dynamic. You will want to configure DNS settings against the DNS names provided, and not the IP address (as this will change if you power off the machine). For V1, use the cloud service name. For V2, you are given the option when creating the PIP to have azure assign a DNS name.
For testing, try to telnet on port 80 to the correct DNS name.