IP whitelist for Synapse Spark Pools to reach external endpoint with firewall?

If your Synapse workspace is not integrated with a vNet, there are two main options to consider:

• Utilize the outbound public IP address ranges associated with Synapse. These ranges are published by Microsoft and can be found for each region in the official documentation: https://learn.microsoft.com/en-us/azure/synapse-analytics/security/gateway-ip-addresses
• If you still maintain on-premises infrastructure, you could use an on-premises integration runtime and route traffic to the vendor through your existing on-premises internet breakout.
  
  

Alternatively, you could enable vNet integration for Synapse by using managed private link, which allows you to route traffic through a NAT gateway. This approach provides a small, fixed set of outbound IP addresses but does require provisioning additional Azure resources and some extra configuration.