Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
580 questions
Got it Thanks.
Network configuration to allow communication with new IP addresses for Azure Data Factory
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 56.00000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Ramakrishna Abhijeet P
70
Reputation points
I need to understand what changes are required on NSG and Firewall Perspective for below alert? Recommended action If you're affected, notify your network infrastructure team to update your network configuration to add these new IP addresses by 1 April 2024. |Region|New IP Addresses| | -------- | -------- | |Region|New IP Addresses| |North Europe|4.207.242.72/29| |Qatar Central|4.171.31.184/29| |Central US|172.202.86.128/29| |West US 2|4.154.144.64/29|
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 23,341 Reputation points Microsoft Employee2024-02-14T21:36:20.23+00:00 @Ramakrishna Abhijeet P
Thank you for reaching out.I understand the IP addresses listed above are used by Azure Data Factory.
Can you please elaborate more on your set-up and the NSGs present in the network? (If a rough Network diagram can be provided that will be helpful)
This will help us determine if you will be affected by the change above. Thank you!
-
Ramakrishna Abhijeet P 70 Reputation points
2024-02-15T12:58:16.9166667+00:00 If those are new IP's can have Old IP's? This way, I can search for the old IPs and replace them with the new ones. @ChaitanyaNaykodi-MSFT
-
ChaitanyaNaykodi-MSFT 23,341 Reputation points Microsoft Employee
2024-02-17T02:21:26.3466667+00:00 Thank you for getting back.
Here is the list of IP addresses used by various Azure Services.
I can see the IP's listed in your question above used by Azure Data Factory.
As Azure Data Factory is fully managed service, the alert above is usually sent when a new IP address space is added to a service .
Based on your question above.
I need to understand what changes are required on NSG and Firewall Perspective for below alert?
Now in your set-up if you have any services whish use NSG or Firewall and if you have created rules allowing IP addresses used by Data Factory. Then you need to append the rules and add the IP's listed above to the rule, there is no need to remove any old IP addresses in this case.
If there are no such NSG or Firewall rules set-up then you will be not impacted and there is no change required.
If those are new IP's can have Old IP's? This way, I can search for the old IPs and replace them with the new ones.
There is no need to replace the old IP addresses. The list IP addresses link I shared above has a list all the IP addresses used by Data Factory.
Please let me know if you have any questions. Thank you!
-
Ramakrishna Abhijeet P 70 Reputation points
2024-02-19T11:45:50.3533333+00:00 I have a NSG outbound rule a baseline as below. I'm sure we're good from NSG Point-of-view. But i'm more worried about the firewall pov. @ChaitanyaNaykodi-MSFT
-
ChaitanyaNaykodi-MSFT 23,341 Reputation points Microsoft Employee
2024-02-21T00:51:40.63+00:00 Thank you for getting back.
I have a NSG outbound rule a baseline as below. I'm sure we're good from NSG Point-of-view.
Yes, you are understanding is correct, you can find more details about service tags here.
But i'm more worried about the firewall pov
For Firewall and if you have created rules allowing IP addresses used by Data Factory then there might be some modifications needed. Can you share an example firewall rule which you think can cause issues? Thank you!
Sign in to comment
2 answers
Sort by: Most helpful
-
-
ChaitanyaNaykodi-MSFT 23,341 Reputation points Microsoft Employee
2024-02-27T22:45:19.7+00:00 Thank you for getting back.
I am just summarizing the discussion we had above, and it will help if you could mark this as answered as it will help other community members as well.
Here is the list of IP addresses used by various Azure Services.
I can see the IP's listed in your question above used by Azure Data Factory.
As Azure Data Factory is fully managed service, the alert above is usually sent when a new IP address space is added to a service .
Based on your question above.
I need to understand what changes are required on NSG and Firewall Perspective for below alert?
Now in your set-up if you have any services whish use NSG or Firewall and if you have created rules allowing IP addresses used by Data Factory. Then you need to append the rules and add the IP's listed above to the rule, there is no need to remove any old IP addresses in this case. If there are no such NSG or Firewall rules set-up then you will be not impacted and there is no change required.
If those are new IP's can have Old IP's? This way, I can search for the old IPs and replace them with the new ones.
There is no need to replace the old IP addresses. The list IP addresses link I shared above has a list all the IP addresses used by Data Factory.I have a NSG outbound rule a baseline as below. I'm sure we're good from NSG Point-of-view. Yes, you are understanding is correct, you can find more details about service tags here.
But i'm more worried about the firewall pov
For Firewall and if you have created rules allowing IP addresses used by Data Factory then there might be some modifications needed. Hope this helps! Please let me know if you have any additional questions. Thank you!
---I hope this has been helpful! Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!