# Ability Azure VPN Support
Update
The former ABB Digital VPN has been upgraded to ABB Ability Azure VPN. Use
of the ABB Digital VPN should be discontinued, and replaced with the Ability Azure VPN. If you were previously using the old VPN, you have an account with
the new server, and can switch to the new VPN without issue or an MyIS
request. Update your Cisco
AnyConnect Secure Mobility Client entry to vpn-digital.xe.abb.com
# Allowlisting Azure Resources
For a developer accessing ABB Digital resources for internal work, you may need to modify network settings for Virtual Machines. Resource governance and security guidelines prevent any virtual machine from being accessible to the internet via RDP. These rules may be different, depending on your Business Line and organization. It is recommended to protect Virtual Machines by disabling public access and connecting to that machine only by VPN, SSH or Bastion Host.
This can be configured by adding rules on the Network Security Group applied to
the Virtual Machine's virtual network. The table below shows an example of
inbound rules to allow access from the Ability Azure VPN.
| Priority | Name | Port | Protocol | Source | Destination | Action | Description |
|---|---|---|---|---|---|---|---|
| 1000 | AbilityVPNGateway | Any | Any | 138.225.1.196, 138.225.1.197 | Any | Allow | Allow inbound connections from Ability VPN Gateways only. |
| 65000 | AllowVnetInBound | Any | Any | VirtualNetwork | VirtualNetwork | Allow | Default rule |
| 65001 | AllowAzureLoadBalancerInBound | Any | Any | AzureLoadBalancer | Any | Allow | Default rule |
| 65500 | DenyAllInBound | Any | Any | Any | Any | Deny | Default rule |
# Network Security Group Configuration for Ability Azure VPN
# Network Security Rule Configuration for Ability Azure VPN
