Firewall rule specification for OpenAI

Patrycja Stanislawczyk 0 Reputation points
2024-02-07T10:20:16.7933333+00:00

I have configured a private endpoint for OpenAI to connect to the on-premises network. I also need to configure firewall rules for the OpenAI service, but I can't find specifications in the documentation regarding the required ports/FQDNs etc.: https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-virtual-networks?context=%2Fazure%2Fai-services%2Fopenai%2Fcontext%2Fcontext&tabs=portal. I want to make the service generally available from the network, not limited to the current instance. Is this possible?

Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.

1 answer

  1. Sina Salam 2,296 Reputation points
    2024-02-07T14:01:20.3833333+00:00

    Hello @Patrycja Stanislawczyk

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    The documentation you referenced doesn't provide specific information about the ports or FQDNs used by OpenAI to configure your firewall.

    Since you've configured a private endpoint for OpenAI, you'll also need to allow inbound traffic from the OpenAI service to your network through the private endpoint. Also, as is the norm, outbound traffic needs to be allowed from your network to the endpoints used by the OpenAI service too.

    Three major things you will need to do:

    1. Allow outbound traffic from your network to the OpenAI service endpoints with a specific protocol like HTTPS. With your private endpoint, make sure that the outbound traffic is allowed to reach the private endpoint IP address.
    2. Based on your previous configurations, configure inbound rules to allow traffic from the OpenAI service to your network through the private endpoint. Specify the necessary protocol as above. Also restrict inbound access to only the necessary IP addresses or ranges used by the OpenAI service to enhance security.
    3. These are additional options:
      1. Make sure any network security groups or firewall rules in your Azure environment allow the required traffic.
      2. Configure a public endpoint if you want to allow access to the OpenAI service from outside your network.
      3. Implement a VPN solution to securely connect your network to the OpenAI service.
      4. Perform network traffic analysis or consult with your network security team to determine the necessary configurations.

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.

    Best Regards, Sina Salam

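An added example, not part of the original answer or of Microsoft's documentation: a Python check, run from an on-premises host, for step 1 of the answer (outbound HTTPS reaching the private endpoint IP address). It separates a DNS problem (the name resolves to a public address) from a firewall problem (the private address resolves but TCP 443 is blocked). The hostname is a placeholder, and the script assumes the private endpoint was given a private-range address.

```python
import ipaddress
import socket

HTTPS_PORT = 443  # the answer names HTTPS as the protocol to allow


def resolve(host):
    """Return the distinct IP addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, HTTPS_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def tcp_open(ip, port=HTTPS_PORT, timeout=3.0):
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_path(host, resolver=resolve, connector=tcp_open):
    """Classify the path to host as seen from this machine.

    Returns a list of (ip, verdict) tuples, one per resolved address.
    resolver and connector are injectable so the logic can be tested offline.
    """
    try:
        addresses = resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        return [(None, "dns-failure: name does not resolve from this network")]
    results = []
    for ip in addresses:
        # is_private covers RFC 1918 plus other non-global ranges.
        if not ipaddress.ip_address(ip).is_private:
            verdict = "public-ip: DNS is not returning the private endpoint address"
        elif connector(ip):
            verdict = "ok: private endpoint reachable on TCP 443"
        else:
            verdict = "blocked: private IP resolved but TCP 443 is not reachable"
        results.append((ip, verdict))
    return results


if __name__ == "__main__":
    # Placeholder hostname (assumption); substitute your own resource endpoint.
    for ip, verdict in check_path("YOUR-RESOURCE-NAME.openai.azure.com"):
        print(ip, verdict)
```

A `blocked` verdict points at the firewall or NSG rule for the private endpoint IP; a `public-ip` verdict points at on-premises DNS forwarding rather than at the firewall.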