How to apply my client VPN access/IP whitelisting to my SFTP server at Azure

Rakesh Kamboj 60 Reputation points
2024-02-29T08:00:07.2666667+00:00

I want to create an SFTP server with storage in my Azure account. I am required to whitelist IP access to my SFTP server at Azure so they can access files from my SFTP. Please help with steps.

Azure Storage Accounts

Accepted answer
  1. Nehruji R 4,766 Reputation points Microsoft Vendor
    2024-03-05T06:52:18.3366667+00:00

    Hello Rakesh Kamboj,

    Greetings! Welcome to Microsoft Q&A Forum.

    I understand that you would like to create an SFTP server with a storage account in Azure and to whitelist IP access to the SFTP server so that it can access files from SFTP.

    • Create a standard general-purpose v2 or premium block blob storage account and enable SFTP support during account creation.
    • Ensure that the hierarchical namespace feature is enabled. If not, follow the instructions to upgrade your storage account with Azure Data Lake Storage Gen2 capabilities.
    • Under Settings, select SFTP (this option appears only if the hierarchical namespace feature is enabled), click Enable SFTP. If no local users appear, add at least one of them (see next section).
    • To whitelist specific IPs:
      • Deploy an Azure Firewall in a virtual network.
      • Configure DNAT rules to translate SFTP traffic to the storage account container.
      • Associate the storage account container with a private endpoint to allow access from the firewall.
      • Connect to the container using the firewall public IP address and the storage account container name.
    • Refer - https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to?tabs=azure-portal This will guide you through creating your SFTP server while ensuring secure and authorized access for your clients.

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.

1 additional answer

  1. Q&A Assist
    2024-02-29T08:00:07.27+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To apply client VPN access and IP whitelisting to your SFTP server in Azure, you can configure Azure Storage firewalls and virtual networks. Here are the steps:

    1. Disable all public network access for the storage account under the Public network access setting in the storage account firewall.
    2. Configure private links to your storage account from private endpoints on virtual network subnets where the clients reside that require access to your data.
    3. If client applications require access over the public endpoints, change the Public network access setting to Enabled from selected virtual networks and IP addresses. Then, specify the virtual network subnets from which you want to allow access and the public IP address ranges of clients from which you want to allow access, such as those on on-premises networks.

    For more information and detailed steps, please see the "Configure Azure Storage firewalls and virtual networks" section in the "Configure network access to Azure Storage" article in the Context Url below.

    1 person found this answer helpful.
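
A check for the firewall settings described in the answer above, added here as an example and not part of the original thread or of Microsoft's documentation. It assumes the account JSON has the shape printed by `az storage account show`; the function name, account names and IP ranges are constructed for illustration.

```python
import ipaddress

def audit_sftp_exposure(account, approved_cidrs):
    """Return a list of findings for one storage account.

    `account` is a dict shaped like `az storage account show` JSON output;
    `approved_cidrs` is the client allowlist you intend to permit.
    """
    if not account.get("isSftpEnabled"):
        return []  # no SFTP endpoint to protect
    # Assumption: a missing/null publicNetworkAccess is treated as Enabled.
    if (account.get("publicNetworkAccess") or "Enabled") == "Disabled":
        return []  # reachable through private endpoints only
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        return ["defaultAction is not Deny: SFTP endpoint accepts any public IP"]
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for rule in rules.get("ipRules") or []:
        net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
        # Flag any allowed range that is not contained in an approved one.
        if not any(net.version == a.version and net.subnet_of(a) for a in approved):
            findings.append(f"ipRule {net} is outside the approved client ranges")
    return findings

# Constructed sample accounts (documentation IP ranges, hypothetical names).
OPEN_ACCOUNT = {
    "name": "examplesftpopen", "isSftpEnabled": True,
    "publicNetworkAccess": "Enabled",
    "networkRuleSet": {"defaultAction": "Allow", "ipRules": []},
}
RESTRICTED_ACCOUNT = {
    "name": "examplesftpsel", "isSftpEnabled": True,
    "publicNetworkAccess": "Enabled",
    "networkRuleSet": {"defaultAction": "Deny", "ipRules": [
        {"action": "Allow", "ipAddressOrRange": "203.0.113.10"},
        {"action": "Allow", "ipAddressOrRange": "198.51.100.0/24"},
    ]},
}
PRIVATE_ACCOUNT = {
    "name": "examplesftppriv", "isSftpEnabled": True,
    "publicNetworkAccess": "Disabled", "networkRuleSet": None,
}
APPROVED_CLIENTS = ["203.0.113.0/24"]  # constructed client allowlist

if __name__ == "__main__":
    for acct in (OPEN_ACCOUNT, RESTRICTED_ACCOUNT, PRIVATE_ACCOUNT):
        print(acct["name"], audit_sftp_exposure(acct, APPROVED_CLIENTS))
```
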