
My customer (a legal firm) has an Azure Analysis Services database. Access to the model is tightly controlled to prevent leakage of confidential data. Employees who need to access the model whilst working from home can only do so if their public IP address has been whitelisted by adding a firewall rule to the server. However, the company VPN software (which is always on and cannot be disabled by users) assigns a new IP address each time they log on, which means the firewall rules need constant updating.

Is there an easier way to maintain/update the firewall rules in such a scenario? I don't know the specifics of the VPN software, so I'm not sure to what extent it can assign the same IP address to each user.

Jazza

1 Answer


You only really have a few options here:

  • Change the VPN to use a static outbound IP (or list of IPs). This is a fairly common requirement for VPN.
  • Connect your VPN network directly to Azure using either Azure VPN or ExpressRoute, and configure Private Endpoints for your database in Azure to route traffic over the private network when on the VPN.
  • Grant users rights to add IPs to the SQL firewall (and provide the training on how to do this); not recommended.

Sam Cogan
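For the first option in the answer above, a fixed VPN egress list lets the firewall shrink to a few range rules, and the per-user entries that accumulated can be found and removed. This is an added example, not code from the question or the answer: it assumes a rule is a name plus a start and end IPv4 address, the rule dictionaries and names are hypothetical, and every address is a constructed documentation-range value.

```python
import ipaddress

# Constructed sample input: egress CIDRs a VPN team might publish.
EGRESS_CIDRS = ["203.0.113.0/25", "203.0.113.128/26", "198.51.100.10/32"]

# Constructed sample of rules currently on the server (hypothetical shape).
EXISTING_RULES = [
    {"name": "jsmith-home", "start": "192.0.2.44", "end": "192.0.2.44"},
    {"name": "vpn-old", "start": "203.0.113.0", "end": "203.0.113.127"},
    {"name": "wide", "start": "203.0.113.0", "end": "203.0.113.255"},
]

def egress_ranges(cidrs):
    """Merge IPv4 egress CIDRs into the fewest contiguous (start, end) ranges."""
    # ip_network() raises ValueError if host bits are set, which catches typos.
    nets = sorted(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in cidrs))
    merged = []
    for net in nets:
        start, end = int(net.network_address), int(net.broadcast_address)
        if merged and start == merged[-1][1] + 1:
            merged[-1][1] = end      # directly adjacent: extend previous range
        else:
            merged.append([start, end])
    return [(ipaddress.ip_address(s), ipaddress.ip_address(e))
            for s, e in merged]

def to_rules(ranges, prefix="vpn-egress"):
    """Express the approved ranges as named start/end firewall rules."""
    return [{"name": f"{prefix}-{i}", "start": str(s), "end": str(e)}
            for i, (s, e) in enumerate(ranges, 1)]

def stale_rules(existing, ranges):
    """Names of existing rules that allow any address outside the egress list."""
    stale = []
    for rule in existing:
        s = ipaddress.ip_address(rule["start"])
        e = ipaddress.ip_address(rule["end"])
        if not any(lo <= s and e <= hi for lo, hi in ranges):
            stale.append(rule["name"])
    return stale

if __name__ == "__main__":
    approved = egress_ranges(EGRESS_CIDRS)
    print("desired rules:", to_rules(approved))
    print("remove:", stale_rules(EXISTING_RULES, approved))
```

A rule is reported as stale when any part of it falls outside the approved ranges, so an over-broad rule such as `wide` is flagged along with single-address home entries.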