Configure domain name firewall rules
If your corporate firewall blocks traffic based on domain names, you must allow HTTPS and WebSocket traffic to Azure Databricks domain names to ensure access to Azure Databricks resources. You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.
Option 1: Allow traffic to *.databricks.azure.cn
Update your firewall rules to allow HTTPS and WebSocket traffic to *.databricks.azure.cn
(or *.databricks.azure.us
if your workspace is an Azure operated by 21Vianet resource). This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Azure Databricks workspace in your account.
Option 2: Allow traffic to your Azure Databricks workspaces only
If you choose to configure firewall rules for each workspace in your account, you must:
Identify your workspace domains.
Every Azure Databricks resource has two unique domain names. You can find the first by going to the Azure Databricks resource in the Azure Portal.
The URL field displays a URL in the format
https://adb-<digits>.<digits>.databricks.azure.cn
, for examplehttps://adb-1666506161514800.0.databricks.azure.cn
. Removehttps://
to get the first domain name.The second domain name is exactly the same as the first, except that it has an
adb-dp-
prefix instead ofadb-
. For example, if your first domain name isadb-1666506161514800.0.databricks.azure.cn
, the second domain name isadb-dp-1666506161514800.0.databricks.azure.cn
.Update your firewall rules.
Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.