I have created a vnet on azure. The vnet contains VM, bastion host, and pfsense firewall. I'm connecting to VM using bastion host, and all the traffic is getting filtered using pfsense.
After connecting to VM, when I see the state table of pfsense, I notice that the vm has sent requests to public IPs of Microsoft. The details of the IPs are as follows
| IP Address | Port |
|---|---|
| 168.63.129.16 | 32526 |
| 168.63.129.16 | 80 |
| 104.211.104.96 | 443 |
| 52.239.202.196 | 443 |
| 52.239.202.68 | 443 |
| 64.4.48.5 | 53 |
Can anyone please help me to understand what are these IPs and why VM is sending a request to these IPs
CodePudding user response:
As I have mentioned in the comments , the First two IP address (168.63.129.16:35526,168.63.129.16:80) are used by Azure Extensions and Features which is also mentioned in the Microsoft Document .
As for the next 3 IP's (104.211.104.96:443,52.239.202.196:443,52.239.202.68:443) are used by Azure Storage Service in Central India region which can be found in the Microsoft Public IP's for Different Service File (mentioned as 52.239.202.0/24,104.211.104.96/28). You can Download it from here.
And For the last IP (64.4.48.5:53) , It not present in the list but as per the port 53, it is being used by DNS . So, my guess will be it is being used by public DNS of the Bastion Host.