
How to allow the Azure data center IP address dynamically in firewall


I'm trying to install the Power BI data gateway on-prem. As per the prerequisites, I need to allow some domains/IPs in the outbound firewall.

As per this

It is recommended that you whitelist the IP addresses, for your data region, in your firewall. You can download the Microsoft Azure Datacenter IP list, which is updated weekly.

My Question:

  • Here Microsoft says they will update this weekly, which means those will be dynamic IPs. In that case, how can I be aware if I add an IP to my firewall and it is later changed by Azure? Is there any process to find/automate this?
  • If we don't use the IP addresses, is there any way to open the outbound port for an FQDN like below?



Solution

  • You have the list of outbound FQDNs that the gateway needs to communicate with, so this isn't really a question relating to Azure; it is whether your firewall (you do not mention what this is) can be configured to allow outbound connections to FQDNs rather than IPs. You would need to consult whoever manages your firewall to look at this. If it cannot, then the only option would be to add the Azure IP ranges.

    The only way you can be aware of an IP change in the Azure ranges is to look at the IP range document you listed. You could create a script that regularly downloaded and parsed that file, and updated your firewall.
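
The parse-and-compare step of such a script could look like the following. This is an added example, not part of the original answer: it assumes the downloaded file uses the Service Tags JSON layout (a top-level `values` list whose entries carry `name` and `properties.addressPrefixes`), and the tag name, prefixes and function names are constructed for illustration. It also refuses an update that would strip most of the existing allow list, which is what a truncated or wrong download would otherwise do.

```python
import ipaddress
import json

# Constructed sample in the assumed Service Tags JSON layout.
# Prefixes are documentation ranges, not real Azure ranges.
SAMPLE = json.dumps({
    "changeNumber": 2,
    "values": [
        {"name": "PowerBI.WestEurope", "properties": {"addressPrefixes": [
            "192.0.2.0/25", "198.51.100.0/24", "2001:db8:1::/48"]}},
        {"name": "Storage.WestEurope", "properties": {"addressPrefixes": [
            "203.0.113.0/24"]}},
    ],
})

def prefixes_for(doc_text, tags):
    """Return the validated set of networks listed under the wanted tag names."""
    found, seen = set(), set()
    for entry in json.loads(doc_text)["values"]:
        if entry["name"] in tags:
            seen.add(entry["name"])
            for prefix in entry["properties"]["addressPrefixes"]:
                # strict=True raises ValueError on a prefix with host bits set
                found.add(ipaddress.ip_network(prefix, strict=True))
    missing = set(tags) - seen
    if missing:
        raise ValueError(f"tags missing from download: {sorted(missing)}")
    return found

def plan_update(current, doc_text, tags, max_removed_fraction=0.5):
    """Diff the ranges allowed today against the new file: (to_add, to_remove)."""
    current = {ipaddress.ip_network(c) for c in current}
    new = prefixes_for(doc_text, tags)
    to_add, to_remove = new - current, current - new
    # A truncated or wrong file must not silently strip the allow list.
    if current and len(to_remove) > max_removed_fraction * len(current):
        raise ValueError("refusing update: too many ranges would be removed")
    order = lambda n: (n.version, n)  # IPv4 and IPv6 cannot be compared directly
    return sorted(to_add, key=order), sorted(to_remove, key=order)

if __name__ == "__main__":
    allowed = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
    add, remove = plan_update(allowed, SAMPLE, {"PowerBI.WestEurope"})
    print("add:", [str(n) for n in add])
    print("remove:", [str(n) for n in remove])
```

The two returned lists are what a scheduled job would hand to the firewall's own rule-management interface; a raised `ValueError` should alert an operator rather than be retried blindly.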