Data factory on VNET and NAT gateway
Hi
I need to connect Data Factory to a VNET and direct the traffic through a NAT gateway to a storage account in another AD tenant, but can't get it to work, and I am starting to wonder if it can be done at all.
The reason for doing this is that I can use a storage account's built-in firewall to limit traffic from the NAT gateway.
Currently I am using the NAT gateway, but I will be using a firewall later on. However, the setup is the same either way as far as network traffic is concerned.
What I have done:
First of all, I have created a VNET/subnet where I have my NAT gateway placed.
Set up custom routes to direct 0.0.0.0/0 traffic from subnets in that VNET to the NAT gateway.
Set up firewall restrictions on the storage account to only allow traffic from the public IP of the NAT gateway.
- Attempt
Creating a private endpoint, and setting up Data Factory's built-in integration runtime to connect to the storage account.
Data Factory is not using the endpoint for that, since it cannot connect to the storage account without removing the firewall restrictions.
- Attempt
Set up Data Factory's built-in integration runtime to connect to the storage account, using the managed VNET.
The same result: it does not connect to the storage account unless I remove the IP restriction on the storage account.
Does anyone know if this scenario can work at all, or if it can, how should I proceed?
I do not want to install a VM with Integration runtime on the network. I guess it would solve the issue, but it is just adding complexity, more to maintain, added cost, and also it needs to be restarted whenever patching needs to be done.
Any help at all will be greatly appreciated,
Best Regards
Frank