Configure IP firewall for Azure Event Grid namespaces (MQTT)

By default, Event Grid namespaces and entities in them such as Message Queuing Telemetry Transport (MQTT) topic spaces are accessible from internet as long as the request comes with valid authentication (access key) and authorization. With IP firewall, you can restrict it further to only a set of IPv4 addresses or IPv4 address ranges in CIDR (Classless Inter-Domain Routing) notation. Only the MQTT clients that fall into the allowed IP range can connect to publish and subscribe. Clients originating from any other IP address are rejected and receive a 403 (Forbidden) response. For more information about network security features supported by Event Grid, see Network security for Event Grid.

This article describes how to configure IP firewall settings for an Event Grid namespace. For complete steps for creating a namespace, see Create and manage namespaces.

Create a namespace with IP firewall settings

1. On the Networking page, if you want to allow clients to connect to the namespace endpoint via a public IP address, select Public access for Connectivity method if it's not already selected.

2. You can restrict access to the topic from specific IP addresses by specifying values for the Address range field. Specify a single IPv4 address or a range of IP addresses in Classless inter-domain routing (CIDR) notation.

   

Update a namespace with IP firewall settings

1. Sign-in to the Azure portal.

2. In the search box, enter Event Grid Namespaces and select Event Grid Namespaces from the results.

   

3. Select your Event Grid namespace in the list to open the Event Grid Namespace page for your namespace.

4. On the Event Grid Namespace page, select Networking on the left menu.

5. Specify values for the Address range field. Specify a single IPv4 address or a range of IP addresses in Classless inter-domain routing (CIDR) notation.

   

Next steps

See Allow access via private endpoints.