Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure Cosmos DB for MongoDB (vCore) allows you to configure firewall settings to secure database access. This article explains how to grant access from specific IP addresses, Azure services, or IP ranges to ensure secure connectivity.
Note
Firewall changes might take up to 15 minutes to propagate, and the firewall might behave inconsistently during this period. Ensure you plan accordingly when making updates to your firewall settings.
Prerequisites
- An existing Azure Cosmos DB for MongoDB (vCore) cluster.
Grant access from your IP address
To allow access to your Azure Cosmos DB account from your current IP address, you need to configure the firewall settings. This configuration ensures that only your current IP address can interact with the database securely.
Sign in to the Azure portal (https://portal.azure.com).
Navigate to the Azure Cosmos DB for MongoDB (vCore) cluster.
Select Networking from the navigation menu.
On the Networking page, select the + Add current client IP address option to automatically add your current IP address to the allowed list.
Select Save to apply the changes.
Grant access from Azure services
Azure services can be granted access to your Azure Cosmos DB account by enabling specific settings. This configuration allows services like Azure Functions or Stream Analytics to interact with your database seamlessly.
In the Networking section of your cluster, locate the Allow public access from Azure resources and services option.
Toggle the switch to enable access for Azure services.
Save the changes to ensure Azure services can connect to your account.
Grant access to specific IP address ranges
You can configure the firewall to allow access from specific IP address ranges. This option is useful for granting access to multiple machines or services within a defined network.
Go to the Networking section in the Azure portal for your Azure Cosmos DB account.
Under Firewall and virtual networks, add the desired IP ranges in Classless Inter-Domain Routing (CIDR) format (for example,
192.168.1.0/24).Optionally, select the Add 0.0.0.0 - 255.255.255.255 option to
Warning
This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy. Use this option with caution.
Confirm the entries and then select Save to update the firewall rules.