If your corporate firewall blocks traffic based on domain names, you must allow HTTPS and WebSocket traffic to Databricks domain names to ensure access to Databricks resources. You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.
Update your firewall rules to allow HTTPS and WebSocket traffic to
*.cloud.databricks.com. This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Databricks workspace in your account.
If you choose to configure firewall rules for each workspace in your account, you must:
Identify your workspace domains.
Your Databricks workspace uses two domain names. The first is the one that you use to log in, such as
yourcompany.cloud.databricks.comif you have a vanity domain name, or
dbc-<random-string>.cloud.databricks.comif you do not.
To find the second domain, log in to the first domain. After you log in, you should see
https://<first-domain>/?o=<workspace-id>in your browser address bar, where
<workspace-id>is a string of digits.
Some workspace types do not display a workspace ID in the logged-in URL. If you do not see a
?o=followed by a string of digits in the URL, contact your Databricks account team to get your workspace ID.
The second domain has the format
dbc-dp-<workspace-id>.cloud.databricks.com. For example, if the workspace ID is
123456, your second domain is
If you will need to access account console use from that network, also allow traffic to:
Update your firewall rules.
Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.