You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/cosmos-db/vnet-service-endpoint.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,7 +30,7 @@ There are two steps required to limit access to Azure Cosmos account from a subn
30
30
31
31
### Will virtual network ACLs and IP Firewall reject requests or connections?
32
32
33
-
When IP firewall or virtual network access rules are added, only requests from allowed sources get valid responses. Other requests are rejected with a 403 (Forbidden). It is important to distinguish Azure Cosmos account's firewall from a connection level firewall. The source can still connect to the service and the connections themselves aren’t rejected.
33
+
When IP firewall or virtual network access rules are added, only requests from allowed sources get valid responses. Other requests are rejected with a 403 (Forbidden). It is important to distinguish Azure Cosmos account's firewall from a connection level firewall. The source can still connect to the service and the connections themselves aren't rejected.
34
34
35
35
### My requests started getting blocked when I enabled service endpoint to Azure Cosmos DB on the subnet. What happened?
36
36
@@ -46,7 +46,7 @@ The authorization validates permission for VNet resource action even if the user
46
46
Only virtual network and their subnets added to Azure Cosmos account have access. Their peered VNets cannot access the account until the subnets within peered virtual networks are added to the account.
47
47
48
48
### What is the maximum number of subnets allowed to access a single Cosmos account?
49
-
Currently, you can have at most 64 subnets allowed for an Azure Cosmos account.
49
+
Currently, you can have at most 256 subnets allowed for an Azure Cosmos account.
50
50
51
51
### Can I enable access from VPN and Express Route?
52
52
For accessing Azure Cosmos account over Express route from on premises, you would need to enable Microsoft peering. Once you put IP firewall or virtual network access rules, you can add the public IP addresses used for Microsoft peering on your Azure Cosmos account IP firewall to allow on premises services access to Azure Cosmos account.
@@ -55,7 +55,7 @@ For accessing Azure Cosmos account over Express route from on premises, you woul
55
55
NSG rules are used to limit connectivity to and from a subnet with virtual network. When you add service endpoint for Azure Cosmos DB to the subnet, there is no need to open outbound connectivity in NSG for your Azure Cosmos account.
56
56
57
57
### Are service endpoints available for all VNets?
58
-
No, Only Azure Resource Manager virtual networks can have service endpoint enabled. Classic virtual networks don’t support service endpoints.
58
+
No, Only Azure Resource Manager virtual networks can have service endpoint enabled. Classic virtual networks don't support service endpoints.
59
59
60
60
### Can I "Accept connections from within public Azure datacenters" when service endpoint access is enabled for Azure Cosmos DB?
61
61
This is required only when you want your Azure Cosmos DB account to be accessed by other Azure first party services like Azure Data factory, Azure Cognitive Search or any service that is deployed in given Azure region.
0 commit comments