Hi,
Any idea where these IPs are coming from?
This is simple to answer using online IP lookup tools like this one (you can check any IP you want in the same way):
https://whatismyipaddress.com/ip/205.210.31.31
Hostname: 205.210.31.31
ASN: 396982
ISP: Palo Alto Networks Inc
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: California
City: Santa Clara
When we set this rule to Deny, it blocks all the traffic originating from the two regions.
This is the expected behavior.
The remote IP addresses seem to be all from Microsoft DCs located outside the two regions. For example, 205.210.31.31, 147.243.135.105 etc.
Are you saying that these IPs are denied and that they are outside the two regions?
Can another rule be the source of this deny, maybe? Maybe these are simply not in Azure and are therefore denied...
For example, 205.210.31.31, 147.243.135.105 etc.
You configured a rule based on "Geo Location" and not by IP.
Who told you that these IPs are related to a service from Azure?
I checked a few IP lookup tools and none of them recognizes them as Azure IPs.
The source IP might be in a different area in the world but not in Azure datacenter.
The IP ranges which Azure uses are not a secret, and you can download all the information in a JSON file from here:
https://www.microsoft.com/en-us/download/details.aspx?id=56519
I downloaded the file and I did not find these IPs in any range, but maybe I missed it.
There is no range that starts with 205 (but maybe there is a wider range which includes all these IPs).
Note! Highly recommended for most cases!
Instead of setting a Deny rule, you should deny all and set an Accept rule. Set an approve rule for the regions which you want to approve. It is much more secure and might solve your issue as well.
How to fix the issue, i.e. allow traffic only from the two regions?
This is exactly NOT what you did. You denied traffic from the two regions and not "allow traffic only from the two regions".
Change the rule to "Allow Traffic" for this result.
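
The range check described in the reply above can be done with real CIDR containment instead of searching the file by eye. The sketch below is an added example and not part of the original post. It assumes the downloaded file keeps its usual layout (a top-level "values" list whose entries carry "name" and "properties.addressPrefixes"); the embedded sample is constructed from documentation and benchmark ranges, not real Azure prefixes, and the tag names are made up.

```python
import ipaddress
import json

# Constructed sample in the layout of the Service Tags JSON file.
# Tag names and prefixes are placeholders, not real Azure data.
SAMPLE_SERVICE_TAGS = json.dumps({
    "cloud": "Public",
    "values": [
        {"name": "ExampleCloud",
         "properties": {"addressPrefixes": ["203.0.113.0/24", "2001:db8::/32"]}},
        {"name": "ExampleCloud.exampleregion",
         "properties": {"addressPrefixes": ["203.0.113.64/26"]}},
        {"name": "ExampleWide",
         "properties": {"addressPrefixes": ["198.18.0.0/15"]}},
    ],
})


def load_prefixes(doc_text):
    """Return [(tag_name, ip_network), ...] from Service Tags JSON text."""
    doc = json.loads(doc_text)
    prefixes = []
    for tag in doc.get("values", []):
        for cidr in tag.get("properties", {}).get("addressPrefixes", []):
            prefixes.append((tag["name"], ipaddress.ip_network(cidr, strict=False)))
    return prefixes


def find_tags(ip_text, prefixes):
    """Return [(tag_name, cidr), ...] containing ip_text, most specific first."""
    ip = ipaddress.ip_address(ip_text)
    hits = [(name, net) for name, net in prefixes
            if net.version == ip.version and ip in net]
    hits.sort(key=lambda hit: hit[1].prefixlen, reverse=True)
    return [(name, str(net)) for name, net in hits]


if __name__ == "__main__":
    # For a real check, replace SAMPLE_SERVICE_TAGS with the text of the
    # downloaded JSON file, e.g. open(path, encoding="utf-8").read().
    table = load_prefixes(SAMPLE_SERVICE_TAGS)
    for addr in ["205.210.31.31", "147.243.135.105", "198.19.5.5"]:
        print(addr, find_tags(addr, table) or "not in any listed range")
```

The 198.19.5.5 case shows why a text search for the leading octets is not enough: no prefix in the sample starts with "198.19", yet the wider 198.18.0.0/15 contains it.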