You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/blobs/network-file-system-protocol-support.md
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -132,26 +132,29 @@ For step-by-step guidance, see [Mount Blob storage by using the Network File Sys
132
132
Traffic must originate from a VNet. A VNet enables clients to securely connect to your storage account. The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFS 3.0 request.
133
133
134
134
To learn more, see [Network security recommendations for Blob storage](security-recommendations.md#networking).
135
+
> [!Note]
136
+
> Public IP whitelisting is not supported.
135
137
136
138
### Supported network connections
137
139
138
-
A client can connect over a public or a [private endpoint](../common/storage-private-endpoints.md), and can connect from any of the following network locations:
140
+
Clients can connect via a public or [private endpoint](../common/storage-private-endpoints.md), provided the connection originates from any of the following network locations:
139
141
140
142
- The VNet that you configure for your storage account.
141
143
142
144
In this article, we'll refer to that VNet as the *primary VNet*. To learn more, see [Grant access from a virtual network](../common/storage-network-security.md#grant-access-from-a-virtual-network).
143
-
145
+
144
146
- A peered VNet that is in the same region as the primary VNet.
145
147
146
148
You'll have to configure your storage account to allow access to this peered VNet. To learn more, see [Grant access from a virtual network](../common/storage-network-security.md#grant-access-from-a-virtual-network).
147
-
149
+
148
150
- An on-premises network that is connected to your primary VNet by using [VPN Gateway](../../vpn-gateway/vpn-gateway-about-vpngateways.md) or an [ExpressRoute gateway](../../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md).
149
151
150
152
To learn more, see [Configuring access from on-premises networks](../common/storage-network-security.md#configuring-access-from-on-premises-networks).
151
-
153
+
152
154
- An on-premises network that is connected to a peered network.
153
155
154
156
This can be done by using [VPN Gateway](../../vpn-gateway/vpn-gateway-about-vpngateways.md) or an [ExpressRoute gateway](../../expressroute/expressroute-howto-add-gateway-portal-resource-manager.md) along with [Gateway transit](/azure/architecture/reference-architectures/hybrid-networking/vnet-peering#gateway-transit).
157
+
155
158
156
159
> [!IMPORTANT]
157
160
> The NFS 3.0 protocol uses ports 111 and 2048. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through those ports. If you have granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through those ports.
0 commit comments