Azure Synapse Analytics IP firewall rules
This article will explain IP firewall rules and teach you how to configure them in Azure Synapse Analytics.
IP firewall rules
IP firewall rules grant or deny access to your Azure Synapse workspace based on the originating IP address of each request. You can configure IP firewall rules for your workspace. IP firewall rules configured at the workspace level apply to all public endpoints of the workspace (dedicated SQL pools, serverless SQL pool, and development). The maximum number of IP firewall rules is limited to 128. If you have the Allow Azure Services and resources to access this server setting enabled, this counts as a single firewall rule for the workspace.
Create and manage IP firewall rules
There are two ways IP firewall rules are added to an Azure Synapse workspace. To add an IP firewall to your workspace, select Networking and check Allow connections from all IP addresses during workspace creation.
Important
This feature is only available to Azure Synapse workspaces not associated with a Managed VNet.
You can also add IP firewall rules to a Synapse workspace after the workspace is created. Select Firewalls under Security from Azure portal. To add a new IP firewall rule, give it a name, Start IP, and End IP. Select Save when done.
Note
The Public network access feature is only available to Azure Synapse workspaces associated with Azure Synapse Analytics Managed Virtual Network. However, you can still open your Azure Synapse workspaces to the public network regardless of its association with managed VNet. For more information, see Public network access.
Connect to Azure Synapse from your own network
You can connect to your Synapse workspace using Synapse Studio. You can also use SQL Server Management Studio (SSMS) to connect to the SQL resources (dedicated SQL pools and serverless SQL pool) in your workspace.
Make sure that the firewall on your network and local computer allows outgoing communication on TCP ports 80, 443 and 1443. These ports are used by Synapse Studio.
To connect using tools such as SSMS and Power BI, you must allow outgoing communication on TCP port 1433. The 1433 port used by SSMS (Desktop Application).
Manage the Azure Synapse workspace firewall
For more information on managing the firewall, see the Azure SQL documentation to manage server-level firewalls. Azure Synapse only supports server-level IP firewall rules. It doesn't support database-level IP firewall rules.
For more information on the methods to manage the firewall programmatically, see:
Next steps
- Create an Azure Synapse Workspace
- Create an Azure Synapse workspace with a Managed workspace Virtual Network
- Troubleshoot Azure Private Link connectivity problems
- Troubleshoot Azure Private Endpoint connectivity problems