Azure IP Address Hell

Posted: June 20, 2023  |  Categories: Azure
Tags:

We have been fighting with firewall inclusions failing for many Azure interfaces over the last month or so. A lot of these interfaces have been running for years without any change. A pattern is emerging. The solution is always to add a new IP address to the firewall inclusions.

We have always looked at the properties page on the Logic App blade to get the range of IP Addresses that we must whitelisted.

I think Microsoft must be running out of IP addresses and they are using anything they can get their hands on. Moreover, I think they are randomly changing the IP addresses that our Logic Apps and API connectors run on. This is annoying because most of the IP inclusion lists in the Microsoft documentation or Azure tooling is now out of date. It seems that you must now go to https://www.microsoft.com/en-us/download/details.aspx?id=56519 to be sure that you have all for your whitelist. For example if you look at the outgoing IP addresses in that list you will find some extra ones to the list on the Logic app properties screen.

    {
      "name": "AzureConnectors.AustraliaEast",
      "id": "AzureConnectors.AustraliaEast",
      "properties": {
        "changeNumber": 6,
        "region": "australiaeast",
        "regionId": 3,
        "platform": "Azure",
        "systemService": "AzureConnectors",
        "addressPrefixes": [
          "13.70.72.192/28",
          "13.70.78.224/27",
          "13.72.243.10/32",
          "13.75.139.0/32",
          "20.70.220.192/27",
          "20.70.220.224/28",
          "20.213.202.51/32",
          "20.213.202.84/32",
          "52.237.214.72/32",
          "2603:1010:6:402::180/122"
        ],
        "networkFeatures": [
          "API",
          "NSG",
          "UDR",
          "FW"
        ]
      }
    },

Is anyone else having these same issues?

turbo360

Back to Top