How to whitelist on-premise network's NAT IP in IoT Hub

Satyam Chauhan 542 Reputation points
2023-07-20T15:05:45.9333333+00:00

Hi,

I have an IoT Hub on which I want to whitelist the on-premise IoT Edge server. But the on-premise IoT Edge server is in a corporate network and it is not straightforward to get the IoT Edge server's IP. There are proxy servers and NAT IP addresses.

So, what IP address from on-premise should I use to whitelist the IoT Edge server on IoT Hub? The IoT Edge modules will push data to IoT Hub. The IoT Edge server should also be able to pull the containers (IoT Edge modules) from the Azure Container Registry.

Please help me to resolve the issue.


1 answer

  1. LeelaRajeshSayana-MSFT 13,951 Reputation points
    2023-07-25T17:03:36.6433333+00:00

    Hi @Satyam Chauhan, apologies for the delayed update on this issue. IoT Hub hosted in a private endpoint currently only supports whitelisting of IP addresses to allow connection from endpoints.

    I understand your IoT Edge device is behind proxy servers and NAT IPs. You may need to configure your proxy server and NAT device to allow traffic to the IP address. Here are a few steps that would help you achieve this.

    1. Determine the public IP address of the NAT device that the IoT Edge device is behind. You can use a service like http://checkip.dyndns.org to determine the public IP address.
    2. Configure the NAT device to forward traffic from the IoT Edge device to the private IP address of the IoT Hub. You will need to forward traffic on the ports used by the IoT Hub (e.g. 8883 for MQTT, 5671 for AMQP).
    3. Configure the proxy server to allow traffic from the IoT Edge device to the private IP address of the IoT Hub. You may need to configure the proxy server to allow traffic on the ports used by the IoT Hub.
    4. In the Azure portal, navigate to your IoT Hub and click on "Firewalls and virtual networks" under the "Settings" section.
    5. Click on "Add your client IP" to add the public IP address of the NAT device to the allowed IP addresses list. This should allow traffic from the IoT Edge device to access the IoT Hub.

    If you need further assistance with this issue, I request you to create a support ticket. If you do not have access to a support plan, could you please send an email with the below details, so that we can work closely on this matter. 

    Thread URL: Link to this thread. 
    Azure Subscription ID: 
    Email Subject : Attn Leela
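
As an added example (not part of the answer above and not Microsoft's code), this Python check goes one step beyond step 1: it parses several egress-IP lookups made from the IoT Edge host, discards internal addresses, and merges the public ones into the CIDR masks to enter in the IoT Hub IP filter. The response format assumed for http://checkip.dyndns.org, the sample addresses, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample bodies in the format assumed for http://checkip.dyndns.org,
# as if fetched several times from the IoT Edge host (documentation-range IPs).
_BODY = "<html><body>Current IP Address: {}</body></html>"
SAMPLE_RESPONSES = [_BODY.format(ip) for ip in (
    "203.0.113.10", "203.0.113.11", "203.0.113.10", "198.51.100.7", "10.20.30.40")]

# Ranges that can never be the source address IoT Hub sees from the internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]  # CGNAT, loopback, link-local

IP_RE = re.compile(r"Current IP Address:\s*([0-9.]+)")

def parse_egress_ip(body):
    """Return the IPv4Address reported in one response body, or None."""
    match = IP_RE.search(body)
    if not match:
        return None
    try:
        return ipaddress.IPv4Address(match.group(1))
    except ipaddress.AddressValueError:
        return None

def allowlist_candidates(bodies):
    """Return (cidrs, rejected) as lists of strings.

    cidrs: observed public egress addresses, merged into the fewest CIDR masks
           that cover exactly those addresses (never widened).
    rejected: observed addresses that are internal and useless in an IP filter.
    """
    public, rejected = set(), set()
    for body in bodies:
        ip = parse_egress_ip(body)
        if ip is None:
            continue
        if any(ip in net for net in NON_PUBLIC):
            rejected.add(ip)
        else:
            public.add(ip)
    merged = ipaddress.collapse_addresses(
        ipaddress.ip_network(f"{ip}/32") for ip in public)
    return [str(net) for net in merged], sorted(str(ip) for ip in rejected)

if __name__ == "__main__":
    cidrs, rejected = allowlist_candidates(SAMPLE_RESPONSES)
    print("IP filter masks to allow:", cidrs)
    print("Ignored internal addresses:", rejected)
```

More than one mask in the result means the proxy or NAT pool egresses from several addresses, and each mask needs its own entry in the IP filter.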