ISSUE:
All sorts of connectivity issues related to using one dataflow gen 2 only to extract data from an on-prem DB via the Power BI data gateway.
SOLUTION:
Even though port 1433 was open in the firewall for the various Fabric endpoints (wildcard FQDNs):
Protocol: TCP
Endpoints: *.datawarehouse.pbidedicated.windows.net, *.datawarehouse.fabric.microsoft.com, *.dfs.fabric.microsoft.com
Port: 1433
as stated per this Microsoft documentation page: On-premises data gateway considerations for data destinations in Dataflow Gen2 - Microsoft Fabric | ...
it only worked once my sysadmin specified 0.0.0.0 TCP/1433 to all WAN-facing destinations (i.e. no restriction to particular endpoints or FQDNs). Then all DB networking errors went away, as well as all connectivity issues between Fabric dataflows and the on-prem DB.
The only question I have left is this (considering that most people who will read the troubleshooting document are not network admins, but Fabric or business/analyst users, with a few exceptions who know about networking and firewalls): Why can't this be mentioned clearly and in bold in the Microsoft Fabric documentation? And if it is, where exactly? It could have saved us, others, and support a lot of grief.
@Element115, I'm not 100% sure I understand what you mean with the statement:
"his case there is already one baked in the firewall--the open TCP/1433 to all traffic rule"
Are you saying that you basically have a firewall rule set up that allows TCP/1433 to anything internally from anything externally? Or are you only allowing anything externally to your gateway server? Or something else?
@motoray Yeah, sorry, that was poorly phrased and I edited my OP to make it clearer (hopefully ;-)).
But in a nutshell:
WAN (internet) Destination == all
For services (i.e. traffic restriction rules) going from the machine running the gateway out to the internet, we do not specify any endpoint (i.e. wildcard FQDN) as in the MS documentation, but only 0.0.0.0 for the endpoint over TCP on port 1433.
This means any local application generating TCP traffic over port 1433 will be allowed through the firewall to its destination on the internet.
As to the converse, i.e. any TCP traffic over 1433 in the direction of the server running the data gateway on the LAN, it will have to pass through the Microsoft data gateway first. My sysadmin explained that the gateway filters all traffic over 1433 and thus takes care of accepting only legitimate 1433 traffic from Microsoft before relaying it to the DB server. This makes me wonder about the potential security implications; what about SQL injections and the like...?
Thanks, that clears it up.
We went through this craziness today.
We found that you also need to allow "*.pbidedicated.windows.net", not just "*.datawarehouse.pbidedicated.windows.net"
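To see why the documented allow-list can still block traffic, and what the "0.0.0.0 TCP/1433 to everything" workaround actually grants, here is a small rule checker added as an example (not code from this thread, from Microsoft, or from any firewall vendor). It models wildcard FQDN egress rules the way many firewalls do, where `*.` matches one or more leading labels; that matching behaviour, the rule names, and the sample hostnames are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class EgressRule:
    dest: str            # wildcard FQDN such as "*.dfs.fabric.microsoft.com", or "0.0.0.0" for any host
    port: int
    proto: str = "TCP"


# Allow-list quoted in the OP from the Microsoft documentation (TCP/1433 to wildcard FQDNs).
DOCUMENTED_RULES: List[EgressRule] = [
    EgressRule("*.datawarehouse.pbidedicated.windows.net", 1433),
    EgressRule("*.datawarehouse.fabric.microsoft.com", 1433),
    EgressRule("*.dfs.fabric.microsoft.com", 1433),
]
# The wider pattern a later reply reports as also required.
BROADER_RULE = EgressRule("*.pbidedicated.windows.net", 1433)
# The "0.0.0.0 TCP/1433 to all WAN destinations" rule that made the errors go away.
ANY_HOST_RULE = EgressRule("0.0.0.0", 1433)


def fqdn_matches(pattern: str, host: str) -> bool:
    """Firewall-style wildcard match: '*.a.b' matches 'x.a.b' and 'y.x.a.b' but not 'a.b'.
    Assumption: '*.' covers one or more labels; some products match exactly one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == "0.0.0.0":           # "any destination"
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]           # keep the leading dot so "xdfs.fabric..." does not match
        return host.endswith(suffix) and len(host) > len(suffix)
    return pattern == host


def first_matching_rule(rules: Iterable[EgressRule], host: str, port: int,
                        proto: str = "TCP") -> Optional[EgressRule]:
    """Return the rule that permits this outbound connection, or None if the firewall drops it."""
    for rule in rules:
        if rule.proto == proto and rule.port == port and fqdn_matches(rule.dest, host):
            return rule
    return None


def overly_broad(rules: Iterable[EgressRule]) -> List[EgressRule]:
    """Rules with an 'any' destination: every local process gets egress on that port, not just the gateway."""
    return [r for r in rules if r.dest == "0.0.0.0"]
```

Running `first_matching_rule` against a hostname seen in the gateway's failing connection (from its logs or a packet capture) tells you which documented pattern is missing, so the allow-list can be widened by one FQDN instead of to every WAN destination.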
Hi @Element115
I have updated the internal team regarding this issue. They are working on it.
Appreciate your patience.