I have a datafactory deployed in South Africa North Region. The intergration runtime has Virtual Network Configuration enabled i.e the IR runs the same Region and VN as the Data Factory.
I have a Data Flow that is trying to sink the output in Azure Synapse and the Synapse workspace is also in the same Region with a Managed Virtual Network and has a private Enpoint that connects it to the Data Factory
The Storage account is in the same region and can only accept Selected Networks and there is a private endpoint that connects it to the Data Factory.
The issue is when my Storage account Firewall rules allows access from all networks i can sink the data in synapse without any issue but If I close it down to selected networks and add a private endpoint that connects it to the Data factory it fails with a 403 as below:

Fetching data from Synapse using the Data Factory even when the Firewall is closed down to selected networks is working fine.
The issue seems to be related to this question on Stack Overflow but the user here was tryng to sink in the Storage Account itself not Azure Synapse. Just like this user I need the IR to be in the same region with all the other resource and my security team will not allow to open up the firewalls in production. I am also failing to find the link with sinking to azure synapse and storage account setting having to determine the outcome. I even disabled staging on the sink settings but the storage account setting still determines the error.