Working with CosmosDB using point to site VPN connection with dynamic public IP

Sergey Gorbushin 21 Reputation points
2021-01-27T13:38:47.197+00:00

Hi! I'm trying to work with Cosmos DB using point to site VPN connection, but Firewall doesn't allow to operate with DB witout adding my public IP address. Not all of our developers (working home now) have a static IP address, so its could be a problem to add every day a new batch of IP addresses and delete a previous one.
How can we securely work with Cosmos DB using point to site VPN connections without updating our IP adresses at Firewall day to day?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,411 questions
Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,470 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KalyanChanumolu-MSFT 8,316 Reputation points
    2021-02-01T11:37:17.117+00:00

    @Sergey Gorbushin

    You will have to configure a service endpoint to allow traffic from the GatewaySubnet to the Cosmos account.
    When a service endpoint for your Azure Cosmos DB account is enabled on a subnet, the source of the traffic that reaches Azure Cosmos DB switches from a public IP to a virtual network and subnet.

    The steps with screenshots are here
    Do let us know if you have any further questions.

    ----------

    If an answer is helpful, please "Accept answer" or "Up-Vote" for the same which might be beneficial to other community members reading this thread.

    0 comments No comments