If you are Relay users and you have firewalls blocking Relay’s outbound traffic, the article may help you to config your firewalls to allow traffic from Relay.
Whitelisting the Relay IP in the firewall would NOT help.
There are lots of instances behind Relay service, their IPs will change hence your Relay service does not have a dedicated outbound IP address. We recommend using the fully qualified domain names for your specific namespaces instead of using hardcoded IP addresses.
Format of Relay FQDN: <youServiceName>. servicebus.windows.net
If you still want to whitelist IP, we DO have a way.
We can try to use the following method to get the IPs.
Run nslookup <youServiceName>.servicebus.windows.net resolves to ns-sb2-prod-sy3-001.cloudapp.net as:
The gateways of namespaces in your cluster can be obtained as:
nslookup g0-prod-sy3-001-sb.servicebus.windows.net resolves to 13.75.152.38
nslookup g1-prod-sy3-001-sb.servicebus.windows.net resolves to 13.75.154.105
... ... ... ... ... ... ... ... ... ...
nslookup g31-prod-sy3-001-sb.servicebus.windows.net resolves to 40.126.225.100
We can use the existing script to auto obtain the gateway IP
Please check here azure-relay-dotnet/GetNamespaceInfo.ps1 at master · Azure/azure-relay-dotnet · GitHub, you can run command “./GetNamespaceInfo.ps1” to run the script. It will help us to resolve all the IPs.
Here’s my testing result and please run the command to update the IP list in your firewall at least on a monthly basis.
Upcoming changes to IP addresses for Azure Relay
Recently, the Relay service team has been working on upgrading our infrastructure to the newest technologies. Due to this infrastructure change, the IP addresses associated with the namespaces are also going to be changed.
Your Relay based solutions may break if you aren't following the best practices of using domain names in your firewall or network device configurations to allow communication with this service but are instead using these IP addresses.
Updated Apr 29, 2022
Version 1.0
gujia93
Microsoft
Microsoft
