Forum Discussion
IP whitelist for Synapse Spark Pools to reach external endpoint with firewall?
I am trying to reach an external vendor SFTP site from my Synapse Spark notebook. The site is behind a firewall. I want to get the IP range for all of our Spark pools to the vendor so they can whitelist them. Struggling to get a clear idea of that list. Closest I found so far was "Azure Cloud East US", which is rather broad. Any advice/ideas how to get a refined list/range of IPs?
1 Reply
If your Synapse workspace is not integrated with a vNet, there are two main options to consider:
- Utilize the outbound public IP address ranges associated with Synapse. These ranges are published by Microsoft and can be found for each region in the official documentation: https://learn.microsoft.com/en-us/azure/synapse-analytics/security/gateway-ip-addresses
- If you still maintain on-premises infrastructure, you could use an on-premises integration runtime and route traffic to the vendor through your existing on-premises internet breakout.
Alternatively, you could enable vNet integration for Synapse by using managed private link, which allows you to route traffic through a NAT gateway. This approach provides a small, fixed set of outbound IP addresses but does require provisioning additional Azure resources and some extra configuration.
