Static IP ranges for Data Factory and add ADF to list of Trusted Azure Services
It is not currently possible to identify the IP Address of the DF, which you need for firewall rules, including Azure SQL Server firewall....
Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re
I'm not sure this chat includes Data Flow, so raised new request.
Is part of the plan to add service tags for the Data Flows IP addresses? This would be very helpful as the DataFactory and DataFactoryManagement tags don't work.
My data flow is using the DefaultIntegrationRuntime (East US), but the error below is occurring even releasing the IPs reported.
AIR East US_1 220.127.116.11 - 18.104.22.168
AIR East US_2 22.214.171.124 - 126.96.36.199
AIR East US_3 188.8.131.52 - 184.108.40.206
Cannot connect to SQL database: 'jdbc:sqlserver://***.database.windows.net;database=dbname', 'User: username'. Please check the linked service configuration is correct, and make sure the SQL database firewall allows the integration runtime to access..
Michael Daynes commented
The ability to white list Data Factory in Azure SQL databases is great news as it means you don't have to Allow All Azure Services. But you are still allowing all Data Factories and not just your own.
Nice work~~ Finally, I can setup an IR for a specific region. My ftp access looks good so far.
Please keep the IP range list up to date.
Alam, Shafiul commented
Great news. But still getting "Access Denied" error when trying to create Linked service for a West US2 "Azure FILE storage" even if we white listed West US2 static IPs. Can you please tell me if I am doing something wrong? Attaching images with "ADF error messeges", Azure file share firewall setting and Azure IR properties. PLease note the our Azure IR has "Auto resolve" region. Can that be an issue?
Need some urgent help
When can we expect South Africa North?
Could you please verify if North Central US range is correct? we are getting a 220.127.116.11 IP address value when the range mentioned on the Microsoft document is 18.104.22.168/25 and 22.214.171.124/26.
Oliver Yao (Azure Data Factory) commented
list for Azure Gov would be added soon (in weeks).
Looks like it is not all regions... I do not see anything listed for Azure Government, or do you have that list posted somewhere else?
Any update on this. We really need this
please give it now, we desperately need it
Mayank Srivastava commented
Any update on this yet ?
Also looking for an update on the statics.
Santiago Galvis commented
This is great, can you please provide an update on the static IP address. Thank you
Great news, any update on when we can expect the Static IP range for Azure Integration Runtime to be available?
Adding a bump to this. Either getting ADF in an Azure VNet or getting the Public CIDR range for the Azure workers.
The VNet option would be preferable.
C Uslu commented
I need to add ADF to an Azure Vnet . Come on guys !