0

I am Integrating sage pay payment gateway to my Asp.net MVC 4 web site ,that currently running on azure app services. so i need to open above ports in my azure app services to get response from Sagepay. This is what they asked to do.

"Please ensure that all of the following IP addresses are allowed within your Server or Firewall: 

For outbound traffic to our gateway:
195.170.169.9 – live.sagepay.com
195.170.169.8 – test.sagepay.com
For inbound traffic you only need to whitelist IPs if you are using SERVER as this is the only solution that initiates call backs. You don’t need to apply this for our FORM and DIRECT integrations. The IPs from which we call back are:
195.170.169.14 
195.170.169.18 
195.170.169.15 
The Subnet mask used by Sage Pay is 255.255.255.000
Please ensure that your firewalls allow outbound Port 443 (HTTPS only!) and inbound Ports 443 (and optionally 80 HTTP) access in order to communicate with our servers (on Simulator/Test/Live).
There is however always scope for this to change depending on how we a utilising our data centres servers. Sage Pay own the entire 195.170.169.0/255 range (256 IP’s). If you are happy to allow this range then this automatically accommodates any future changes."
TDM
  • 115
  • 15

2 Answers2

1

May be this could help out, try adding this in web.config of your application.

<system.webServer>
  <security>
    <ipSecurity allowUnlisted="false">
      <add ipAddress="123.123.123.123" allowed="true"subnetMAst="255.255.0.11"/>
    </ipSecurity>
  </security>
</system.webServer>
Mitin Dixit
  • 541
  • 4
  • 9
  • Actually I need to do it on my firewall or server sire.but i did that way also.but not succeed. – TDM Aug 04 '16 at 16:56
1

Azure Web Apps infra uses different IP's for inbound and outbound communication. By default port 80 & 443 is open on Azure Web Apps infrastructure. It also doesn't restrict inbound requests from a specific IP by default, unless you have IP Restriction configured in web.config.

If you are using ASE then you will have to configure inbound and outbound rules.

See this article on how to do this:

Control Inbound Traffic to an App Service Environment

Kaushal Kumar Panday
  • 2,329
  • 13
  • 22
  • you mean that i dont need to add inbound and outbound ip addresses.by default those things are allowed on azure? – TDM Aug 31 '16 at 18:09
  • Yes, you don't need to or to be more specific you don't even get an option to add inbound or outbound rules to a normal web app. Unless you are using **App Service Environment**. – Kaushal Kumar Panday Sep 02 '16 at 06:11
  • kumar thnkz for replying. Yes of course.we have to use ASE with VNET Configuration and lots of things to do. but there is no point if we already allow outbound and inbound ip addresses by default in Azure. isn't it? previously i thought that i need to add separate outbound/inbound addresses ,open 443/80 ports like wise.but in here those things already working . isn't it? – TDM Sep 02 '16 at 06:39
  • I will retract a bit. If its ASE with VNET configuration, then you will have to allow. :) See these articles: https://azure.microsoft.com/en-in/documentation/articles/app-service-app-service-environment-control-inbound-traffic/ – Kaushal Kumar Panday Sep 02 '16 at 06:41