How to configure Azure Storage firewall with AzureCognitiveSearch IP address Ranges

[kspoojary]

How to configure Azure Storage firewall with AzureCognitiveSearch IP address Ranges when storage account has the IP rule limited to 100, where as AzureCognitiveSearch has more then 100 IP address ranges?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 6da7e922-b280-ba87-bc51-3805606d3f27
• Version Independent ID: 4769a1a6-2286-2515-aa22-5406e8b89c3f
• Content: Troubleshoot common search indexer issues - Azure Cognitive Search
• Content Source: articles/search/search-indexer-troubleshooting.md
• Service: cognitive-search
• GitHub Login: @mgottein
• Microsoft Alias: magottei

[NavtejSaini-MSFT]

@kspoojary We are checking this and we will get back to you regarding the same.

[BryanTrach-MSFT]

There are a few options that you have.

1. Use this document. Find the region that your Azure Cognitive Search service is running in. Each region only has a few IPs for Cognitive Search, which makes life easier.
2. Place your cognitive search service into a virtual network and then add the virtual network to your Azure Storage Account firewall.

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

[kspoojary]

Hi @BryanTrach-MSFT , The link you shared https://docs.microsoft.com/en-us/azure/cognitive-services/cognitive-services-virtual-networks?tabs=portal is to set up virtual network for Azure Convective Services but I am using Azure Search service and we do not have option to set the vnet in search service. But I tried using Private endpoint for search service and added the subnet used for private endpoint to the storage Vnet rules and added all the AzureCognitiveSearch IPs in IP Rule, but I am not able to create the indexer , I am always getting below error Error with data source: Credentials provided in the connection string are invalid or have expired.\r\nFor more informatio n on troubleshooting connection issues to Azure Storage accounts, please see https://go.microsoft.com/fwlink/?linkid=2049388 Please adjust your data so urce definition in order to proceed.

Subnet1 address space : 10.2.3.0/24 PrivateEndpoint1 private IP : 10.2.3.5 Subnet1 is already added to storage vnet rule along with IP rule (Azure cognitive Search IPs)

Can you please let me know what IP rule and Vnet rule I have to set , If my search service is using PrivateEndpoint1 in Subnet1

Note: Storage account and search service are in the same region

[sandeep57]

Creating shared private access from cognitive search to the blob storage should solve the issue