We are going to use robocopy to keep a stack of encrypted files synced to an azure file share.
But what do we need to open on the firewall to let the backup server get to an azure storage file share? (This will be an SMB3 connection from Win2012-R2 to azure storage)
a) Open port 445
b) But what IP addresses?
Our storage account says regions: East US, West US
I found this page:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
which gives a LARGE list of ranges (50-100) to cover those two regions.
Must I add all those ranges to our firewall, or is there a more targeted way to discover the ip ranges to access:
.file.core.windows.net
?
Best Answer
The only workable path is to enable firewall to work with domains, and to then open it to:
my-sharename.file.core.windows.net
(For the appro share name / storage entity)