Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If your corporate firewall blocks traffic based on ___domain names, you must allow HTTPS and WebSocket traffic to Azure Databricks ___domain names to ensure access to Azure Databricks resources. You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.
Option 1: Allow traffic to *.azuredatabricks.net
Update your firewall rules to allow HTTPS and WebSocket traffic to *.azuredatabricks.net (or *.databricks.azure.us if your workspace is an Azure Government resource). This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Azure Databricks workspace in your account.
Option 2: Allow traffic to your Azure Databricks workspaces only
If you choose to configure firewall rules for each workspace in your account, you must:
Identify your workspace domains.
Every Azure Databricks resource has two unique ___domain names. You can find the first by going to the Azure Databricks resource in the Azure Portal.
The URL field displays a URL in the format
https://adb-<digits>.<digits>.azuredatabricks.net, for examplehttps://adb-1666506161514800.0.azuredatabricks.net. Removehttps://to get the first ___domain name.The second ___domain name is exactly the same as the first, except that it has an
adb-dp-prefix instead ofadb-. For example, if your first ___domain name isadb-1666506161514800.0.azuredatabricks.net, the second ___domain name isadb-dp-1666506161514800.0.azuredatabricks.net.Update your firewall rules.
Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.
Allow traffic to CDN domains for UI assets
The Azure Databricks UI loads static assets, like CSS, JavaScript, and images, from Content Delivery Network (CDN) domains. Selectively blocking asset types, like allowing JavaScript but blocking CSS or font files, can break the UI.
To keep the UI working, allow all asset types from CDN domains.
https://databricks-ui-assets-v2-gsd4bmhzapcyenec.b02.azurefd.net- Azure Databricks UI assetshttps://*.cloud.databricksusercontent.com- Notebook assets
Firewall configuration recommendations
- Apply the same rules across all listed CDN domains.
- Avoid selective filtering of CSS, JavaScript, images, or font files.
- Allow HTTPS (port 443) to all CDN domains.