Tuesday, February 17, 2015

Azure IP Ranges

If you are setting up firewall exclusions related to Azure resources, it helps to know the Azure Dataenter IP address ranges. Turns out – that's really pretty easy: just download the details from the Microsoft Download Centre. Go here, the Azure Site and download that list.  The actual deep link to the XML document containing the IP ranges is: http://go.microsoft.com/fwlink/?LinkId=390343. Speaking personally, I found that deep link a bit hard to see on the Datacenter IP Ranges page.

The list that can download from Microsoft contains the all Compute IP address ranges (including SQL ranges) used by the Azure Datacenters around teh world. Each section of the XML document specifies a geographic region and the IP address ranges associated with that region.

The download is an XML document containing the current IP address ranges for all Azure data centres around the world, except China. The document looks like this (when viewed from PowerShell ISE):

image

The Windows Azure Datacenter IP Ranges in China are separately defined. The download centre enables you to download a separate list as the Chinese data centres are operated by 21Vianet.  You can get this document from here: https://www.microsoft.com/en-us/download/details.aspx?id=42064. It looks like this:

image

These IP address lists are published weekly. Microsoft also go on to make a good security point: Do not assume that all traffic originating from these IP address ranges is trustworthy!

2 comments:

Unknown said...

thats very useful ! thank you.
I wonder if they have API for receiving this file, I would like to automate the procedure.
Do you know one ?

Unknown said...

Hi,

I wrote a module allowing for automation with this file.

https://poshsecurity.com/blog/working-with-azures-public-ip-addresses