From 89687b64584360e27a17993f1359fa10b36a550b Mon Sep 17 00:00:00 2001
From: "Yung S." <129580523+m8yng@users.noreply.github.com>
Date: Wed, 22 Jan 2025 14:22:19 +0800
Subject: [PATCH] Add port 19390 warning

---
 .../container-instances-egress-ip-address.md                   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/articles/container-instances/container-instances-egress-ip-address.md b/articles/container-instances/container-instances-egress-ip-address.md
index 83dd407335..04b629ce7c 100644
--- a/articles/container-instances/container-instances-egress-ip-address.md
+++ b/articles/container-instances/container-instances-egress-ip-address.md
@@ -117,6 +117,9 @@ Run the [az network vnet subnet update][az-network-vnet-subnet-update] command t
 
 By default, Azure Firewall denies (blocks) inbound and outbound traffic.
 
+> [!IMPORTANT]
+> Ensure that port 19390 is open in your firewall to allow connectivity to Azure Container Instances (ACI) from the Azure portal. This port is required when deploying container groups in virtual networks. Blocking this port can result in deployment failures, such as container groups remaining in a "Waiting" state, or prevent portal-based management and troubleshooting, including accessing logs and the container shell.
+
 ### Configure NAT rule on firewall to ACI subnet
 
 Create a [NAT rule](/azure/firewall/rule-processing) on the firewall to translate and filter inbound internet traffic to the application container you started previously in the network. For details, see [Filter inbound Internet traffic with Azure Firewall DNAT](/azure/firewall/tutorial-firewall-dnat)