Publish the the list of Traffic Manager Probe IPs
We have several VMs which provide a service to our web roles. We use traffic manager to loadbalance between these VMs.
As the the only valid traffic to these VMs is from our webroles, our office or the TM probes, we use windows firewall on the VMs to restrict all other traffic.
The issue we have is that the traffic manager Probe IPs change on occasion.
If the list of Probe IPs was published, we could ensure that our FW rules are kept upto date ensuring that TM is doing it's supposed to be doing!
This feature has been completed. The IP addresses used by the Traffic Manager health checks are now fixed, and can be included in ACLs/firewall whitelists.
The list of health check IP addresses is published here: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring#faq
For services in Azure, we are planning in future to make it easier to whitelist these IP addresses via a pre-defined NSG rule.
This feature is available in the Azure Public Cloud. It is not yet deployed to the Azure China Cloud, German Cloud, or FedGov Cloud.
I believe the above link is not exact, here is the correct link: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#traffic-manager-endpoint-monitoring
I use this list in a UDR because my system is configured by cross advertised of expressroute and force tunnnling. We can't use NSG for routing. So if you change this list, I strong request you to notice by email in advance.
Dave H [MSFT] commented
Looks like the published list has moved to https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#what-are-the-ip-addresses-from-which-the-health-checks-originate
Any Update on this?
Dilip L [MSFT] commented
We have the list of IP addresses from where Traffic Manager probes will originate published at https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring#faq
Neil Moran commented
Been wondering this myself - but found a list of IPs published on https://azure.microsoft.com/en-gb/documentation/articles/traffic-manager-monitoring/
Oliver Simmons commented
Hi is there any update on when this list will be published? It has been 4 months since "we plan to do in the near future" do you know when this information will be published. This is preventing us from migrating to Azure. In the current climate it is not acceptable to have a production website fully open to the internet just to allow a sla monitor to function.
Is there any update, when the IP addresses will be listed? this is preventing a large project.
Is there any more information on when the probe IP's will be published? this is preventing us from using this service until we are able to lock down our firewall.
Admin, do you have a eta of when the IP addresses for the probes will be published?
We use web roles with acl's in the service coniguration *.cscfg file to disable access from the internet. We have identical deployments in two different azure data centers east us and west us. When we enable the acl rules, Azure Traffic Manager gets blocked out, and shows both endpoints as degraded.
We followed directions per this msdn blog article:
You can only have 50 ACL rules per endpoint and the list is to large for the entire Azure IP range. It seems traffic manager doesn't work with ACL's so in order to use the Traffic Manager product offering you have to enable global access to your sites which is disappointing.