Configure domain name firewall rules

  • Article

If your corporate firewall blocks traffic based on domain names, you must allow HTTPS and WebSocket traffic to Azure Databricks domain names to ensure access to Azure Databricks resources. You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.

Option 1: Allow traffic to *.databricks.azure.cn

Update your firewall rules to allow HTTPS and WebSocket traffic to *.databricks.azure.cn (or *.databricks.azure.us if your workspace is an Azure operated by 21Vianet resource). This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Azure Databricks workspace in your account.

Option 2: Allow traffic to your Azure Databricks workspaces only

If you choose to configure firewall rules for each workspace in your account, you must:

  1. Identify your workspace domains.

    Every Azure Databricks resource has two unique domain names. You can find the first by going to the Azure Databricks resource in the Azure Portal.

    Workspace URL

    The URL field displays a URL in the format https://adb-<digits>.<digits>.databricks.azure.cn, for example https://adb-1666506161514800.0.databricks.azure.cn. Remove https:// to get the first domain name.

    The second domain name is exactly the same as the first, except that it has an adb-dp- prefix instead of adb-. For example, if your first domain name is adb-1666506161514800.0.databricks.azure.cn, the second domain name is adb-dp-1666506161514800.0.databricks.azure.cn.

  2. Update your firewall rules.

    Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.