locked
Firewall rules for Azure CDN -> Key Vault RRS feed

  • Question

  • Hi,

    I want to enable the Firewall for Azure Key Vault, however when I do that the Azure CDN cannot connect anymore to it. 

    What IPs should I whitelist in the Key Vault firewall for Azure CDN? Having in mind the limitation of 127 entries only I hope the answer will not be "the whole US datacenter where Azure CDN resides" ...

    Thanks in advance,

    Deyan

    Friday, April 17, 2020 6:36 AM

All replies

  • Some additional information - the Azure Portal error (CDN Profile -> endpoints -> custom domains) I managed to resolve by just adding my IP to the Key Vault network rules (obviously the Azure Portal running in my browser makes calls to Azure Key Vault only for display purposes). 

    However I am wondering what IP should I whitelist so that Azure CDN *Backend* can retrieve the certificate when it provisions the custom domain, or after that when the certificate is refreshed and Azure CDN needs to be refreshed accordingly ..

    Friday, April 17, 2020 8:29 AM