Azure Traffic Manager - IP whitelisting


I have an Azure Traffic Manager over a geo-distributed cloud service. I need to lock down my cloud services, which are primarily web APIs, so that they are accessible to only a certain range of IP addresses. Is there a way to achieve this? Or maybe there are ways to restrict IP addresses on cloud services. But with a combination of Traffic Manager on top of that, would that work? Does Traffic Manager flow the source IP address to the cloud services?

3

There are 3 answers

1
juunas On BEST ANSWER

Traffic Manager cannot filter traffic. It just responds to DNS queries from clients.

The source IP address will be the original one because the traffic doesn't go through Traffic Manager, it only tells the caller where to go, and the caller then calls your service directly.

0
Tim Newton On

Also late to the party, but we were restricting our App Services by IP address and all of a sudden our traffic managers started to display degraded after working fine for years. After lots of investigation we think that Azure added some new traffic managers that were on different IP addresses, so they were getting blocked by our IP restrictions. The original restrictions had included a small range of IP addresses for the traffic manager, but this list looks like it's expanded. The best solution is to allow the traffic manager through, not based on its IP address but its service tag, as below:

Traffic Manager IP restriction

1
E. Staal On

Late to the party, but: if you ended up using a whitelist on, for example, an Azure App Service, then you will need to add the addresses of Traffic Manager as well. Otherwise Traffic Manager will not be able to check the health of your App and will report it as degraded.

You can find it here: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#traffic-manager-endpoint-monitoring

Direct link: https://azuretrafficmanagerdata.blob.core.windows.net/probes/azure/probe-ip-ranges.json
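
A drift check for the failure the two answers above describe, as an added example that is not part of the original answers: it compares an IP allowlist against the published probe ranges and lists the ranges that would be blocked. The JSON key names (`ipv4_prefixes`, `ipv6_prefixes`, `ip_prefix`) are an assumption about the file's layout, and the addresses and the allowlist are constructed samples.

```python
import ipaddress
import json

# Constructed sample in the assumed shape of probe-ip-ranges.json
# (key names are an assumption; addresses are documentation ranges).
SAMPLE_PROBE_JSON = """
{
  "createDate": "constructed-sample",
  "ipv4_prefixes": [
    {"ip_prefix": "192.0.2.10/32"},
    {"ip_prefix": "198.51.100.0/28"},
    {"ip_prefix": "203.0.113.64/27"}
  ],
  "ipv6_prefixes": [
    {"ip_prefix": "2001:db8:1::/64"}
  ]
}
"""

def load_probe_ranges(text):
    """Return every probe prefix in the document as an ip_network object."""
    doc = json.loads(text)
    entries = doc.get("ipv4_prefixes", []) + doc.get("ipv6_prefixes", [])
    return [ipaddress.ip_network(e["ip_prefix"], strict=False) for e in entries]

def uncovered_probe_ranges(allowlist, probe_ranges):
    """Return probe prefixes that no single allowlist rule fully contains.

    Conservative: a prefix covered only by the union of several smaller
    rules is still reported, so a partial match never passes silently.
    """
    rules = [ipaddress.ip_network(r, strict=False) for r in allowlist]
    missing = []
    for probe in probe_ranges:
        covered = any(
            rule.version == probe.version and probe.subnet_of(rule)
            for rule in rules
        )
        if not covered:
            missing.append(probe)
    return missing

if __name__ == "__main__":
    # Hypothetical allowlist copied from an app's access restrictions.
    allowlist = ["192.0.2.0/24", "198.51.100.0/29", "2001:db8:1::/48"]
    probes = load_probe_ranges(SAMPLE_PROBE_JSON)
    for net in uncovered_probe_ranges(allowlist, probes):
        print(f"probe range not allowed, endpoint will show Degraded: {net}")
```

Run on a schedule against a fresh copy of the published file, a non-empty result flags an expanded probe list before health checks start failing.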