Our on-premises application is failing to upload files to Azure Blob Storage with connection refused errors. We suspect the corporate firewall is blocking the traffic, but we’re not sure what specific rules need to be configured.
The application uses Azure Storage SDK v12 and connects to a storage account in West Europe region. Uploads work fine from developer laptops when connected to guest WiFi (bypassing corporate firewall), but fail from production servers.
Error message:
Microsoft.Azure.Storage.StorageException: Unable to connect
System.Net.Http.HttpRequestException: Connection refused
at System.Net.Http.ConnectHelper.ConnectAsync()
We need to know what firewall rules and Azure Storage endpoints need to be whitelisted for HTTPS connectivity. Our security team requires specific IP ranges and FQDNs to approve the firewall change request.
For your specific storage account, the FQDN would be: yourstorageaccount.blob.core.windows.net (replace with actual account name). Regarding service tags, yes! Azure provides the “Storage.WestEurope” service tag that includes all storage IP ranges for that region. This is the recommended approach as Microsoft manages the IP ranges automatically. Your firewall vendor should support Azure service tags if they’re modern enough. Check their documentation for implementation details.
Azure Storage uses HTTPS (port 443) for all blob operations, so your firewall needs to allow outbound connections on that port. However, instead of IP ranges which can change, you should whitelist the FQDN: *.blob.core.windows.net. Have your security team add this to the allowed domains list. Also verify your proxy settings if you’re using one.
Good news - security team confirmed our firewall supports Azure service tags. We’ve configured a rule allowing outbound HTTPS to Storage.WestEurope service tag. However, uploads are still failing with the same connection refused error. Could there be SSL inspection or certificate pinning issues? Our corporate firewall does perform SSL inspection on all HTTPS traffic.