Whitelist Outbound Traffic

Allow outbound traffic using a wildcard domain to the Azure Relay Service (best practice). If the firewall does not allow wildcards, use the fully qualified domain names for your specific Azure Relay namespaces.

NOTE: For additional information, see Azure Relay WCF and Hybrid Connections DNS Support.

Allow Traffic using Wildcard Domain (Best Practice)

To allow traffic using a wildcard domain (Microsoft-recommended best practice), add *.servicebus.windows.net to the firewall rules permitting port 443 outbound.

Allow Traffic using IP addresses (Not Recommended)

To allow traffic by adding the IP addresses for the fully qualified domain names to the firewall rules:

  1. Look up the IP addresses used by the Azure Relay namespace. The IP addresses can be returned by using this script.

  2. Add the IP addresses to the firewall rules permitting port 443 outbound.

  3. Frequently monitor the IP addresses for changes. Update the IP addresses in the firewall rules when there are IP address changes. The IP addresses can be returned by using this script.

    NOTE: Up to 20% of the IP addresses can change in the span of a month. To ensure that Smart Integration Connector continues to operate, you will need to frequently monitor whether these IPs change and adjust your firewall accordingly.
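
For step 3, an added example (not part of the original page and not the script it links to): a Python check that resolves each namespace name and compares the answers with the addresses in the firewall rule. The function names, the namespace name and the sample addresses are assumptions; the check sees only the addresses DNS returns for the names passed in.

```python
import ipaddress
import socket

def resolve_ipv4(fqdn, port=443):
    """Return the set of IPv4 addresses DNS currently gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, port, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def audit_allowlist(namespaces, allowed, resolve=resolve_ipv4):
    """Compare current DNS answers with the firewall allow-list.

    Returns a dict with:
      missing    - {fqdn: [ips]} resolved now but not allowed (traffic would be blocked)
      stale      - allowed IPs that no namespace resolves to any more
      unresolved - namespaces whose lookup failed (never treated as "no change")
    """
    allowed = {str(ipaddress.ip_address(a)) for a in allowed}  # validate and normalise
    missing, unresolved, seen = {}, [], set()
    for fqdn in namespaces:
        try:
            current = {str(ipaddress.ip_address(a)) for a in resolve(fqdn)}
        except OSError:  # socket.gaierror is a subclass of OSError
            unresolved.append(fqdn)
            continue
        seen |= current
        gap = sorted(current - allowed, key=ipaddress.ip_address)
        if gap:
            missing[fqdn] = gap
    # Only propose removals when every lookup succeeded; partial data is not evidence.
    stale = sorted(allowed - seen, key=ipaddress.ip_address) if not unresolved else []
    return {"missing": missing, "stale": stale, "unresolved": unresolved}

if __name__ == "__main__":
    # Constructed placeholders: replace with your namespace FQDNs and firewall entries.
    report = audit_allowlist(["example-namespace.servicebus.windows.net"], ["203.0.113.10"])
    print(report)
    raise SystemExit(1 if report["missing"] or report["unresolved"] else 0)
```

Run it on a schedule from the connector host so it uses the same resolver; a non-zero exit means the firewall rule needs review.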