Hi @VijAz
Thank you for reaching out to Microsoft Q&A.
In order to resolve this issue, refer to the solution below:
Whitelist Azure Logic Apps outbound IPs (official but broad)
You must whitelist Azure Logic Apps outbound IP ranges for your region, not the NAT Gateway IP.
Microsoft publishes these ranges, and this is the only supported way for SFTP (Built‑In).
Downsides:
Large IP list
Changes over time
Often rejected by security teams
Refer to this document to troubleshoot the same error: https://learn.microsoft.com/en-us/connectors/sftpwithssh/#504-error-a-connection-attempt-failed-because-the-connected-party-did-not-properly-respond-after-a-period-of-time-or-established-connection-failed-because-connected-host-has-failed-to-respond-or-request-to-the-sftp-server-has-taken-more-than-000030-seconds
Instead of using the SFTP Built-in connector, use the SFTP SSH managed connector: https://learn.microsoft.com/en-us/azure/connectors/connectors-sftp-ssh?tabs=consumption
This connector:
Has more predictable outbound behavior
Is commonly used when IP whitelisting is required
Still uses Azure service IPs (not NAT), but works reliably when whitelisted correctly
Enterprise‑grade fix (single outbound IP)
If your requirement is one fixed outbound IP:
Architecture
Logic App > Azure Function (VNET + NAT) > SFTP
Azure Function honors NAT Gateway
Single static outbound IP
Full SSH control, logging, retries
Widely used workaround in locked‑down environments
The SFTP‑SSH (Managed) connector is fully managed by Microsoft and is not deprecated (only the older “SFTP managed” connector is deprecated). With this connector, Microsoft handles networking, scaling, and outbound connectivity. If your SFTP server is publicly accessible, it may work without any additional whitelisting, which explains why you observed it working successfully. This behavior is expected and by design.
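
Added example, not part of the answer above: because the published outbound ranges are large and change over time, an allowlist on the SFTP side has to be re-synced whenever a new range file is released. The sketch below diffs two snapshots in the layout of Microsoft's Service Tags JSON download and checks whether a source IP is still covered. The tag name `LogicApps.WestEurope`, both snapshots and every prefix are constructed for illustration (documentation ranges, not real Azure addresses).

```python
import ipaddress
import json

# Constructed snapshots in the layout of the Service Tags JSON download.
# Prefixes are documentation ranges (RFC 5737 / RFC 3849), not real Azure IPs.
OLD_SNAPSHOT = json.loads("""{"changeNumber": 1, "cloud": "Public", "values": [
  {"name": "LogicApps.WestEurope", "properties": {"region": "westeurope",
    "addressPrefixes": ["192.0.2.0/28", "198.51.100.16/29", "2001:db8:1::/48"]}},
  {"name": "LogicApps.EastUS", "properties": {"region": "eastus",
    "addressPrefixes": ["203.0.113.0/27"]}}]}""")
NEW_SNAPSHOT = json.loads("""{"changeNumber": 2, "cloud": "Public", "values": [
  {"name": "LogicApps.WestEurope", "properties": {"region": "westeurope",
    "addressPrefixes": ["192.0.2.0/28", "198.51.100.32/28", "2001:db8:1::/48"]}},
  {"name": "LogicApps.EastUS", "properties": {"region": "eastus",
    "addressPrefixes": ["203.0.113.0/27"]}}]}""")

TAG = "LogicApps.WestEurope"  # assumed regional tag name; use your own region


def prefixes_for(snapshot, tag_name):
    """Return the set of networks published under one service tag."""
    for entry in snapshot["values"]:
        if entry["name"].lower() == tag_name.lower():
            return {ipaddress.ip_network(p)
                    for p in entry["properties"]["addressPrefixes"]}
    raise KeyError(f"service tag {tag_name!r} not found in snapshot")


def diff_allowlist(old, new, tag_name):
    """Return (added, removed) prefixes between two snapshots, sorted."""
    before, after = prefixes_for(old, tag_name), prefixes_for(new, tag_name)
    order = lambda n: (n.version, n)  # avoid comparing IPv4 with IPv6
    return ([str(n) for n in sorted(after - before, key=order)],
            [str(n) for n in sorted(before - after, key=order)])


def is_covered(snapshot, tag_name, source_ip):
    """True if a source IP seen in SFTP server logs is inside the tag's ranges."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in prefixes_for(snapshot, tag_name))


if __name__ == "__main__":
    added, removed = diff_allowlist(OLD_SNAPSHOT, NEW_SNAPSHOT, TAG)
    print("add to firewall allowlist:     ", added)
    print("remove from firewall allowlist:", removed)
    print("198.51.100.20 still allowed?   ", is_covered(NEW_SNAPSHOT, TAG, "198.51.100.20"))
```

Run it against the previous and current range files on a schedule, and treat a non-empty "removed" list as a firewall change request so that stale ranges do not stay open.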