How can I set the Notification receiving IP address to a fixed IP address?

Lee, Jong Kwan 20

our environment is limited network environment, mobile WIFI also has to be connected to company network without internet connection,

but we can allow connection using firewall configuration allowing ip address and port,

but we did not allow range of ip address,

so how can we set notification endpoint ip address as fixed ip address

ajkuma 23,181 Reputation points Microsoft Employee

2024-05-14T12:55:57.79+00:00

To better assist you on this, are you leveraging Azure Notification Hubs for your environment?
You have mentioned 'our environment is limited network environment', is this hosted on Azure? What specific Azure resources are you leveraging? How is your network/VNET setup? Kindly provide more details about your requirement.

Note: Please do not post any PII data on the public forum.
Lee, Jong Kwan 20 Reputation points

2024-05-15T11:51:33.3633333+00:00

we are using WIFI network provided by Internet provider, so we can not change network , only allowing fixed open ip address for the connection,

and our customer can not use internet ,only use upper network,

it means we have to use fixed open ip address for the receiving mobile notification like FCM, GCM, notification hub, etc
Lee, Jong Kwan 20 Reputation points

2024-05-15T23:34:38.7966667+00:00

understood what you mean,

but Internet provider do now allow Ip range, just allowing fixed Ip address,

IP address range of FCM, GCM or other cloud based notification server is too broad.
ajkuma 23,181 Reputation points Microsoft Employee

2024-05-16T09:38:37.61+00:00

Thanks for the follow-up. Based on your requirement - For a closer look, if you have a support plan, I request you to file a support ticket with our support team, create an Azure support request for a focused assistance.

Thanks to Gowtham CP for adding some pointers. If we were able to point you in the right direction, we appreciate if you may consider to accept 1 answer - it will benefit community users to find the answers quickly. (I can also convert my comment to answer).
ajkuma 23,181 Reputation points Microsoft Employee

2024-05-20T14:11:11.4166667+00:00

@Lee, Jong Kwan , If my answer helped point you in the right direction, please click Accept answer.

Accepted answer

Gowtham CP 2,215 Reputation points

2024-05-11T15:21:41.9166667+00:00

Hello Lee, Jong Kwan

Thanks for reaching out in the Microsoft Q&A!

To ensure notifications are securely received in a limited network environment, you can set up a bastion host within the Azure Virtual Network (VNet). This bastion host serves as a secure gateway. Firstly, create a virtual machine (VM) designated as the bastion host within your Azure environment. Next, configure the Azure notification service to send notifications specifically to the fixed IP address of this bastion host. Within the bastion host, establish a secure tunnel, such as a VPN connection, to securely connect Azure to your internal network. Finally, configure the network firewall to allow inbound traffic only from the bastion host, ensuring that notifications are received from trusted sources. By following these steps and implementing a bastion host, you can reliably and securely receive notifications within your limited network environment.

If you found this solution helpful, consider accepting it.
Please sign in to rate this answer.

1 person found this answer helpful.
Lee, Jong Kwan 20 Reputation points

2024-05-12T23:34:39.7933333+00:00

thanks for the kind explanation,

but target machine receiving notification is mobile phone(android, iphone),

fore the security reason, some company do not allow internet connection from mobile, only allowing internal network(wifi),

this internal network can allow network only using fixed ip address.

Gowtham CP 2,215 Reputation points

2024-05-13T04:07:31.9633333+00:00

Hello Lee, Jong Kwan ,

In your limited network where mobile devices can only connect via fixed IP addresses, you can use Azure Event Grid with Webhooks. Your Function App sends events to Event Grid, which triggers a webhook within your network. This webhook, with a fixed IP, can then notify mobile devices through a custom app, ensuring secure notifications without direct internet access.

If you found this solution helpful, don't forget to upvote and accept as answer. Thank you!

Lee, Jong Kwan 20 Reputation points

2024-05-13T04:11:05.38+00:00

Hello Gowthan

we wan to use Notification Hub for the mobile Notification instead of Function App

Gowtham CP 2,215 Reputation points

2024-05-13T04:22:30.2666667+00:00

Hello Lee, Jong Kwan,

Yes, you can ensure secure notifications for mobile devices with fixed IP addresses using Azure Notification Hubs with Private Endpoints. Simply create a Notification Hub with a private endpoint, facilitating internal communication. Mobile apps can then register with this Hub, enabling devices to receive notifications internally. However, remember that this feature is in limited public preview, so exercise caution in production use.

Lee, Jong Kwan 20 Reputation points

2024-05-13T06:03:59.3166667+00:00

Hi

sorry, I can not find Azure Private Endpoints option on the Notification Hubs
how can we set Private Endpoints?
and does IP address of this Private Endpoints not change?

Gowtham CP 2,215 Reputation points

2024-05-13T06:12:52.1+00:00

Hey Lee, Jong Kwan

The Azure Private Endpoints option may not be readily visible due to its preview status. For guidance on enabling Private Endpoints for Notification Hubs, refer to Microsoft's documentation at this link: https://learn.microsoft.com/en-us/azure/notification-hubs/private-link

Private Endpoints use a static private IP address within the Virtual Network, providing heightened security by keeping it inaccessible from the internet while ensuring stability.

Gowtham CP 2,215 Reputation points

2024-05-14T06:40:38.6033333+00:00

Hello Lee, Jong Kwan

We haven't heard back from you. Could you please provide an update on your issue? If you have any questions or concerns, feel free to reach out to us. If the information provided has been helpful, please consider marking it as the accepted answer to close this case. Doing so will assist others with similar questions in finding solutions more easily.
Sign in to comment

2 additional answers

Lee, Jong Kwan 20 Reputation points

2024-05-14T06:45:04.6566667+00:00

Hi Cowthan

great thanks for the sharing knowledge,

but we want to use fixed public ip address for the notification hub,

because we can not create vpn between our network and azure private network.

we can only allow fixed ip address using notification hub including inbound and outbound
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
ajkuma 23,181 Reputation points Microsoft Employee

2024-05-15T19:39:41.7133333+00:00

Based on my understanding of your scenario, to could try allowing mobile notifications through services like Firebase Cloud Messaging (FCM) or GCM while using a fixed open IP address, you'll need to configure your network to permit traffic to specific IP addresses and ports used by these services.

Typically, with the required IP addresses and ports identified, you need to configure your network to allow outgoing traffic to these addresses. This usually involves setting up firewall rules or access control lists (ACLs) on your router or firewall.

Note: be aware that using a fixed open IP address can be less secure compared to using a VPN or other secure connection methods. It is important to implement appropriate security measures to protect your network and devices from unauthorized access.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

How can I set the Notification receiving IP address to a fixed IP address?

2 additional answers