SOLVED

Pipeline IP Question

Copper Contributor

Hi All,

 

I'm facing a connection issue when trying to execute a Pipeline, which is set up to FTP files to my own FTP Server.

I followed the steps outlined in this article to add the IP range 20.195.68.0/24 to my FTP Server's whitelist:

https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-d...

However, the pipeline still cannot access the server.

 

To troubleshoot, I set up a test FTP Server and directed the Pipeline to FTP to this test server.

From the server's logs, I noticed incoming IPs like:

- 20.239.x.x

- 20.247.x.x

- 4.194.x.x

These IPs appear to be different from the IP ranges mentioned in the reference article.

To ensure that my Pipeline can successfully FTP to my target FTP Server,  please advise on which IP range or domain I should add to the whitelist?

 

Thank you!

1 Reply
best response confirmed by mikewu (Copper Contributor)
Solution

@mikewu 

 

Whilst this doesn't address your specific issue - I'd like to suggest an alternative approach.

 

Whitelisting a large range of public IP addresses on your FTP server isn't ideal. If it's possible for you to do so, I'd suggest looking at deploying an Azure resource such as a Virtual Machine (VM) on which you can install the Azure DevOps agent. You can add the VM as a self-hosted agent and set your pipeline to run on there. As the Azure VM is under your control, you can set its public IP address to be static and therefore only need to whitelist the one public IP address on your FTP server. To save on costs, you can power off the Azure VM when you don't need it (either manually or you can automate it).

 

References:

Self-hosted Windows agents 

Self-hosted Linux agents 

1 best response

Accepted Solutions
best response confirmed by mikewu (Copper Contributor)
Solution

@mikewu 

 

Whilst this doesn't address your specific issue - I'd like to suggest an alternative approach.

 

Whitelisting a large range of public IP addresses on your FTP server isn't ideal. If it's possible for you to do so, I'd suggest looking at deploying an Azure resource such as a Virtual Machine (VM) on which you can install the Azure DevOps agent. You can add the VM as a self-hosted agent and set your pipeline to run on there. As the Azure VM is under your control, you can set its public IP address to be static and therefore only need to whitelist the one public IP address on your FTP server. To save on costs, you can power off the Azure VM when you don't need it (either manually or you can automate it).

 

References:

Self-hosted Windows agents 

Self-hosted Linux agents 

View solution in original post