0

https://blogs.msdn.microsoft.com/servicebus/2017/11/07/open-port-requirements-and-ip-address-whitelisting/

Above link suggests you can white-list a single IP for Azure Service Bus.

We are seeing when we connect to $XXX.servicebus.windows.net, that in turn kicks off many connections to various 104.214.$YYY.$ZZZ destinations.

What actually needs to be whitelisted?

Adam Krouskop
  • 3
  • 1
  • 3

1 Answers1

1

Are you using Azure Relay by any chance? If so, then this post describes how to find the 8, 16, 32, 48, or 64 IP addresses that could get used:

https://blogs.msdn.microsoft.com/servicebus/2017/01/13/azure-wcf-relay-dns-support/

Dave Stucki
  • 121
  • 3
  • Thank you. The PowerShell script linked to in that post - https://github.com/Azure/azure-relay-dotnet/blob/master/tools/GetNamespaceInfo.ps1 - was exactly what I needed. – Adam Krouskop Mar 08 '18 at 19:21
  • Note that this list is allowed to change over time. Ideally run a script like that which fetches the current IP addresses to white-list once a week or so. Or, if possible use the DNS support which was announced in that "Azure WCF Relay DNS Support". If your firewall allowed it then you could simply add addresses similar to g0-prod-by3-010-sb.servicebus.windows.net through g63-prod-by3-010-sb.servicebus.windows.net to your allow list. – Dave Stucki Mar 09 '18 at 19:52