Data factory on VNET and NAT gateway

Christiansen, Frank Weier 1 Reputation point
2022-12-01T17:13:57.78+00:00

Hi

I need to connect datafactory to a VNET and direct the traffic through a NAT gateway to a storage account in another AD tenant, but cant get it to work, and I am starting to wonder if it can be done at all.

The reason for doing this, is that I can use a storage accounts built in firewall to limit trafic from the NAT gateway.
Currently I am using the NAT Gateway, but I will be using a firewall later on. However the setup is the same either way what network traffic concerns.

What I have done:
First off all I have created a VNET/Subnet where I have my NAT gateway placed
Setup custom routes to direct 0.0.0.0/0 trafic from subnets in that VNET to the NAT gateway
Setup firewall restrictions on the storage account to only allow traffic from the public ip of the nat gateway.

  1. Attempt
    Creating a private endpoint, and setup data factories build in Integration runtime to connect the storage account.
    Datafactory is not using the endpoint for that, since it can not connect to the storage account without removing the firewall restrictions.
  2. Attempt
    Setup data factorys build in Integration runtime to connect the storage account, and using the managed VNET.
    The same result, it does not connect to the storage account unless I remove the IP restriction on the storage account

Does anyone know if this scenario can work at all, or if it can, how should I proceed?

I do not want to install a VM with Integration runtime on the network. I guess it would solve the issue, but it is just adding complexity, more to maintain, added cost, and also it needs to be restarted whenever patching needs to be done.

Any help at all will be greatly appreciated,

Best Regards
Frank

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,554 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,010 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.