molan
Neighbour

Telus is blocking outbound access to Azure Managed File Shares via outbound port 445.  I understand why they would block inbound Port 445 but I see 0 reason for blocking outbound Port 445. 

 

https://azure.microsoft.com/en-ca/products/storage/files

 

This is impacting remote workers within our company and their ability to effectively do their jobs when they are out of the office. I can understand why this may have been done 20 years ago, but Telus, the internet has evolved in the last 20 years. You are impacting the use of major legitimate services.

 

Please update your policy.

 

Your competitors don't block this traffic.  

12 Comments
FuzzyLogic
Community Power User

I'm not sure if this is current but it doesn't specifically mention port 445:

 

TELUS HSIA Security Measures Policy | TELUS Support

 

I believe this only affects non-business customers. You may wish to investigate using VPN to get past this restriction.

 

xray
Hero

@FuzzyLogic the page you link does mention blocking port 445

 

The following ports will have inbound (ingress) and in some cases outbound traffic blocked.

 

TCP/UDP 445 (ms-ds)

  • Microsoft Directory Services - Customers that allow legitimate Internet users access to their computers will lose this ability
  • This allows hackers to directly connect to a Windows based computer and gain total control over the OS
xray
Hero

Most organizations needing to use MDS would also mandate the use of a VPN to access it.

molan
Neighbour

Please read the initial question. This is for access to Managed Azure File shares which uses authenticated\encrypted SMB 3 connections (port 445). This isn't for access to a Windows server with SMB exposed. It's also not for Directory Services.

 

A VPN defeats the point of using a Cloud based service and adds additional cost. 

molan
Neighbour

This only affects DHCP based Telus connections, but this 100% affects business customers since many businesses have staff working remotely using Telus connections.

xray
Hero

Microsoft-DS is also known as SMB. Regardless of what you call it port 445 is what is used. It's the same port that malware such as WannaCry ransomware uses. This is why it's advisable to use a VPN for services on port 445.

molan
Neighbour

You're still ignoring the fact that this isn't a Windows server that I am referencing. It's an Azure SAS Service. I have heard 0 reports of ransomware infecting Azure SAS Offerings.

xray
Hero

I'm ignoring the server you are trying to connect to because it's irrelevant to whether the port is blocked or not. The port is blocked for all traffic.

molan
Neighbour

I am aware the port is blocked.  Hence this question to Telus.. 

It would seem you have nothing useful to contribute.

xray
Hero

I was providing some information as to why the port is blocked and why Telus may not unblock it. It's unfortunate that you didn't find that useful.

A-B
Community Manager
 
ozhunna
Neighbour

Thanks for this, and I am shocked by it. I've been troubleshooting connectivity, can hotspot my phone and connect, and stumbled across this thread.