Forum Discussion
Rohllik28 (Copper Contributor)
Aug 05, 2024
Firewall Whitelist for Connect VM to Arc
Hi,
I need to set up a whitelist of addresses on the router firewall that are necessary for accessing Arc. In the documentation, I found addresses for entire subdomains, such as *.blob.core.windows.net, which the router can't handle. I also can't feasibly cache all the addresses from the subdomains with a script. Another resource I found is the Azure IP Ranges list here, but it's not clear which addresses are needed for Arc. Moreover, creating a whitelist manually from IP addresses that might soon become outdated due to resource migration is not the best solution.
How can this be resolved more elegantly?
Thank you.
2 Replies
- balasubramanim (Iron Contributor), replying to Rohllik28
To whitelist addresses for connecting VMs to Azure Arc, use Azure Service Tags. These represent groups of IPs for Azure services like Arc, and they automatically update, eliminating manual IP management. Alternatively, if using Azure Firewall, enable FQDN filtering for domains like *.blob.core.windows.net to simplify access without needing individual IP addresses.
- Matthias-Braun (Copper Contributor)
Hi Rohllik28,
How is the connection to Azure organised? It reads as if you want to go over the Internet?
We primarily use Site2Site VPNs here, which also makes the firewall configuration easier.
Best regards,
Matthias
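
An added example, not part of the thread or of Microsoft's tooling: for a router that cannot consume service tags directly, the tag data mentioned in the first reply is also published as the "Azure IP Ranges and Service Tags" JSON download, which a script can reduce to a collapsed prefix list and a change set between two releases. The sample releases are constructed (documentation ranges), and the tag list `ARC_TAGS` and all function names are assumptions to check against the Arc network requirements documentation.

```python
import ipaddress
import json

# Assumed tag set for this example; confirm against the Arc network requirements.
ARC_TAGS = ["AzureArcInfrastructure", "Storage"]

def entry(name, prefixes, change):
    # Helper for the constructed samples below (same layout as the JSON download).
    return {"name": name, "id": name,
            "properties": {"changeNumber": change, "addressPrefixes": prefixes}}

# Constructed sample releases; prefixes are documentation ranges, not Azure's.
OLD = {"changeNumber": 1, "cloud": "Public", "values": [
    entry("AzureArcInfrastructure",
          ["203.0.113.0/25", "203.0.113.128/25", "2001:db8:1::/48"], 1),
    entry("Storage", ["198.51.100.0/24"], 1)]}
NEW = {"changeNumber": 2, "cloud": "Public", "values": [
    entry("AzureArcInfrastructure", ["203.0.113.0/25", "192.0.2.0/24"], 2),
    entry("Storage", ["198.51.100.0/24"], 1)]}

def load_release(path):
    """Read a downloaded ServiceTags JSON file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def prefixes_for_tags(doc, tags, version=4):
    """Return collapsed CIDR prefixes of one IP version for the given tags."""
    wanted, nets = set(tags), []
    for item in doc["values"]:
        if item["name"] in wanted:
            wanted.discard(item["name"])
            for prefix in item["properties"]["addressPrefixes"]:
                net = ipaddress.ip_network(prefix, strict=False)
                if net.version == version:
                    nets.append(net)
    if wanted:  # fail closed: a renamed or missing tag must not shrink the list silently
        raise KeyError(f"tags not present in file: {sorted(wanted)}")
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def allowlist_changes(old_doc, new_doc, tags, version=4):
    """Prefixes to add to and remove from the router allowlist between releases."""
    old = set(prefixes_for_tags(old_doc, tags, version))
    new = set(prefixes_for_tags(new_doc, tags, version))
    return {"add": sorted(new - old), "remove": sorted(old - new)}

if __name__ == "__main__":
    print(prefixes_for_tags(NEW, ARC_TAGS))
    print(allowlist_changes(OLD, NEW, ARC_TAGS))
```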