Traffic Manager IP addresses from which the health checks originate fixed or subject to change?

[ghost]

Hello,

Regarding the FAQ item:
What are the IP addresses from which the health checks originate?

Is the published list of IPs subject to change or fixed indefinitely? And assuming its subject to change, how will Microsoft communicate the change to us?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: d9522edc-ac04-6c89-e061-59fa788e28ed
• Version Independent ID: 4cafaeee-5b0a-7f50-7c71-a8c3abf4e881
• Content: Azure Traffic Manager - FAQs
• Content Source: articles/traffic-manager/traffic-manager-FAQs.md
• Service: traffic-manager
• GitHub Login: @duongau
• Microsoft Alias: duau

[GitaraniSharma-MSFT]

@AElharouny , thank you for your question, We'll review this and get back to you shortly.

[GitaraniSharma-MSFT]

@AElharouny , the JSON file containing the IP addresses from which the Traffic Manager health checks originates are updated from the below file:
https://www.microsoft.com/en-us/download/details.aspx?id=56519

And this file is updated on a weekly basis as mentioned in the details:
This file is updated weekly. New ranges appearing in the file will not be used in Azure for at least one week. Please download the new json file every week and perform the necessary changes at your site to correctly identify services running in Azure.

If we check the change number in the main file, we can see that the Traffic manager health check IPs have changed twice so far:
"name": "AzureTrafficManager",
"id": "AzureTrafficManager",
"properties": {
"changeNumber": 2,
"region": "",
"regionId": 0,
"platform": "Azure",
"systemService": "AzureTrafficManager",

Also, this JSON file is automatically updated from the main file if there are any changes.

However, I am checking with the backend team with the frequency of changes (if any) for the Traffic manager health check IPs and will provide an update soon.

[GitaraniSharma-MSFT]

@AElharouny , while we are waiting for the backend team to confirm about the IP changes, may I know more about your scenario? Because if you want to open traffic from these IP addresses for some NSG rule then you can simple use the service tag AzureTrafficManager.

[ghost]

We wanted to apply IP restriction to an App Service. I asked the question before discovering that Service Tags are recently supported in APP Service access restriction. So we aren't going to use the IP list anymore. The answer is just needed for our information now.

[GitaraniSharma-MSFT]

@AElharouny , thank you for the update. I will provide an answer as soon as I hear from the backend team.

[GitaraniSharma-MSFT]

@AElharouny , I received an update from the backend team that the Traffic Manager probe source IP doesn't change frequently but if they do, the only way to check that is through the JSON file as it is updated weekly or you can use AzureTrafficManager tag which will automatically include the updated IP addresses (if any).

We are closing this issue for now. If there are further questions regarding this matter, please reply and we will gladly continue the discussion.