Intra-region connectivity not supported by firewall

[markor002002]

This is a major limitation that is still not well documented!

If you set public access to 'Enabled from selected virtual networks and IP addresses' and add Firewall IP ranges, it becomes impossible to establish an SFTP connection from Azure subscription but within the same region as the storage account. This can be different subscription or azure tenant!!! Whitelisting Resource instances also doesn't work - access to blob storage via ADF or access to SFTP blob storage via ADF.

Technically this mean that SFTP server can only be accessible outside of Azure! This is a major limitation! No one leaves SFTP server open to internet without firewall.

I am surprised that Microsoft has not documented or solved this issue-limit.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 2632af75-7664-b79b-ac5b-c7c17e6a609a
• Version Independent ID: 6ecf71b6-77c4-3ab6-8ec9-353ea407d70f
• Content: Configure Azure Storage firewalls and virtual networks
• Content Source: articles/storage/common/storage-network-security.md
• Service: azure-storage
• Sub-service: storage-common-concepts
• GitHub Login: @normesta
• Microsoft Alias: normesta

[TPavanBalaji]

@markor002002 Thank you for bringing this to our attention. I've delegated this to content author, who will review it and offer their insightful opinions.