none
using az-cli to add a firewall rule temporarily breaks the AllowAllWindowsAzureIps rule RRS feed

  • Question

  • We are creating a PostgreSQL server, database and AllowAllWindowsAzureIps firewall rule using an ARM template.
    We also create an AKS resource that runs our micro services, and they connect to PostgreSQL during their run.
    Later, we add a firewall rule (for our office's IP) using az-cli. From that point onward, our micro services fail to connect to thePostgreSQL server for about 25 minutes (not an exact time, but it always reconnects at the end).

    one workaround:
    If, during that 25 minute period, I disable and then re-enable the AllowAllWindowsAzureIps, our services connect to the server immediately.

    another workaround:
    Adding our office's IP address as a firewall rule manually, instead of using az-cli (by using the Azure Portal, and the "Add client IP" button in the PostgreSQL server's Connection security blade) works without any problems.


    • Edited by Noam Gal Sunday, April 7, 2019 8:18 AM fixed typo
    Sunday, April 7, 2019 8:08 AM

All replies

  • Hi Noam,

    Thanks for your feedback. Similar concern was addressed earlier as well in GitHub.

    I am checking internally if this has been resolved.

    Monday, April 8, 2019 8:48 AM
    Moderator
  • Hi Noam,

    As per your concern raised on twitter : https://twitter.com/ATGardner/status/1112683904153071618

    This issue is acknowledged. This is a known bug. It is getting worked on.

    Most probably the fix would be available by May.

    Hope it helps.

    Tuesday, April 9, 2019 6:33 AM
    Moderator