Azure monitoring with VPN tunnel

Open ports for Agent communication on the Internet without VPN.

Agent Open Port Requirements:

• 17778 (Active mode): In Active mode, no ports need to be open on the host where the agent is installed. However, TCP port 17778 must be open on the Orion server or the additional poller with which the agent is associated. This port must be opened on the Orion server (inbound) and allowed by the firewall. It is used on a continual basis once the agent has been deployed. Communication is initiated outbound from the agent to the Orion server.
  Important: This requirement is for Active agents only. If Passive agents are used, no ports need to be opened on the firewall for the Orion server. For more information, seeChanging the Agent Port.
• 17790 (Passive mode): In Passive mode, port 17790 must be opened on the host where the agent is installed and allowed by the firewall.

Requirements for Remote Deployment from the Orion Server:
Note: Other remote or mass deployment methods do not have the same requirements.

• The account used for remote deployment must have access to the administrative share on the target computer: \\<hostname_or_ip>\admin$\temp
• User Account Control (UAC) must either be disabled, or the built in Administrator account must be used.
• An installed agent occupies less than 100 MB of hard drive space

Open Ports Requirements for Remote Deployment from the Orion Server:

• 135: Microsoft EPMAP (DCE/RPC Locator service). This port is required to be open on the client computer (Inbound) for remote deployment.
• 445: Microsoft-DS SMB file sharing. This port is required to be open on the client computer (Inbound) for remote deployment.