Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
lloetters
Frequent Visitor

Firewall Power BI Enterprise Gateway

Hi,

 

We have a customer, who liked to use the Power BI Enterprsie Gateway. The customer has an firewall installed that blocks all incoming traffic. We found a list with ports https://powerbi.microsoft.com/de-de/documentation/powerbi-gateway-enterprise/#ports here. The problem is the Firewall and Proxy can only pass Ip Adress no DNS adresses like

*.powerbi.com443HTTPS

 

Does anybody knows the full IP-Adresses for alle these Microsoft Services ? For your Customer it is very urgent. Thanks a lot.

 

*.powerbi.com443HTTPS
*.analysis.windows.net443HTTPS
*.login.windows.net443HTTPS
*.servicebus.windows.net5671-5672Advanced Message Queuing Protocol (AMQP)
*.servicebus.windows.net443, 9350-9354Listeners on Service Bus Relay over TCP (requires 443 for Access Control token acquisition)
*.frontend.clouddatahub.net443HTTPS
**.core.windows.net443HTTPS
login.microsoftonline.com443HTTPS
login.windows.net443HTTPS

 

 

Kind regards

Lukas

1 ACCEPTED SOLUTION

Here is the list of Azure Data Center IP's. Those ports are for Azure Service Bus and not Power BI specifically. We don't list IP ranges for specific services as the IPs can change based on service needs. This should get you what you need.

 

Microsoft Azure Datacenter IP Ranges
https://www.microsoft.com/en-us/download/details.aspx?id=41653

 

 

Adam W. Saxton | Microsoft Employee | Business Intelligence
@GuyInACube | youtube.com/guyinacube

View solution in original post

12 REPLIES 12
youssef_youssef
Frequent Visitor

Hello,

 

I know this thread is a bit old but I am facing the same issue with on-premise enterprise gateway and corporate firewall.

 

The tool fails to create/configure a gateway. I was able to extract these exceptions from the configurator logs. Your help is highly appreciated!

 

EnterpriseGatewayConfigurator.exe Information: 0 : backendUriFromService: https://wabi-north-europe-redirect.analysis.windows.net/
EnterpriseGatewayConfigurator.exe Warning: 0 : DiscoverUnifiedGateway returned exception: System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerBI.DataMovement.ExternalClient.PowerBIDataMovementClientExtensions.<GetUnifiedGatewayClustersRequireAdminAsync>d__40.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.PowerBI.DataMovement.GatewayUiCommon.WizardViewModelBase.GetGatewayCollection(HttpClient gatewayHttpClient)
---> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerBI.DataMovement.ExternalClient.PowerBIDataMovementClientExtensions.<GetUnifiedGatewayClustersRequireAdminAsync>d__40.MoveNext()<---

EnterpriseGatewayConfigurator.exe Information: 0 : Model gateway state: Unconfigured. 

Note that we have already configured firewall rules to allow traffic on the ports listed in https://docs.microsoft.com/en-us/data-integration/gateway/service-gateway-communication

elserafi
Regular Visitor

Dear All,

 

I have the same problem. My customer wants to add the IP ranges for PowerBI online services to be part of the exceptions to use the Data Gateway installed on their DMZ server to access PowerBI. Kindly advise if this is possible.

 

Thanks,

Mahmoud

elserafi
Regular Visitor

Dea

GuyInACube
Employee
Employee

These are outbound connections. Not inbound. Is outbound traffic on those items being blocked?

Adam W. Saxton | Microsoft Employee | Business Intelligence
@GuyInACube | youtube.com/guyinacube

Yes, outgoing communication to non standard-ports is being blocked

(standard 443) should be working

(non standard 5671-5672 and 9350-9354) is not working and agreed from firewall team that these ports a being blocked and target IPs are needed

Here is the list of Azure Data Center IP's. Those ports are for Azure Service Bus and not Power BI specifically. We don't list IP ranges for specific services as the IPs can change based on service needs. This should get you what you need.

 

Microsoft Azure Datacenter IP Ranges
https://www.microsoft.com/en-us/download/details.aspx?id=41653

 

 

Adam W. Saxton | Microsoft Employee | Business Intelligence
@GuyInACube | youtube.com/guyinacube

Hi there,

 

I know it was tagged as solved but in my case it didn't solve the problem.

 

So, we are facing the same problem a year later and the proposed solution is not quite practical for us. That files sums up about 3000 IP addresses.

 

In normal cases it's fine (nowadays firewalls are pretty good) but in our case we are in AWS environment and we use Security Groups (SG) and the maximum number of rules is 50.

 

The other alternative was to use the domain list provided in Power BI website but in that list there are wild cards for subdomains. That makes the situation harder because we would need a software (proxy) that can treat all requests and see if it's ok or not (that by itself can bring other security concerns)

 

Anyhow, I don't know if one year later a more elegant solution has been devised and if so please let us know.

 

Frank

Thank you for this hint.

 

I checked the download. It is currently not available 😞

I just tried it and it worked. It is just an xml file. This could change in the furture! for the benefit of other folks maybe seeing this in the future. Please try to download it from the above link first - as that will have the latest version!

 

I tried to attach the file, but it isn't letting me. Even if i rename it to .txt. 😞  Can you try the download page again?

Adam W. Saxton | Microsoft Employee | Business Intelligence
@GuyInACube | youtube.com/guyinacube

It's working again. The File includes a date and this was changed in the last days.

Now I got the list..

 

Thank you!

Hi thanks for you reply.

 

I can't download the file with the IP ranges. The file seems not be in place. Can you please send me a copy, if you have on?

 

Kind regards

 

Lukas

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors