Configure domain name firewall rules
If your corporate firewall blocks traffic based on domain names, you must allow HTTPS and WebSocket traffic to Databricks domain names to ensure access to Databricks resources. You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.
Option 1: Allow traffic to *.cloud.databricks.com
Update your firewall rules to allow HTTPS and WebSocket traffic to *.cloud.databricks.com
. This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Databricks workspace in your account.
Option 2: Allow traffic to your Databricks workspaces and account console only
If you choose to configure firewall rules for each workspace in your account, you must:
Identify your workspace domains.
Your Databricks workspace uses two domain names. The first is the one that you use to log in, such as
yourcompany.cloud.databricks.com
if you have a vanity domain name, ordbc-<random-string>.cloud.databricks.com
if you do not.To find the second domain, log in to the first domain. After you log in, you should see
https://<first-domain>/?o=<workspace-id>
in your browser address bar, where<workspace-id>
is a string of digits.Note
Some workspace types do not display a workspace ID in the logged-in URL. If you do not see a
?o=
followed by a string of digits in the URL, contact your Databricks account team to get your workspace ID.The second domain has the format
dbc-dp-<workspace-id>.cloud.databricks.com
. For example, if the workspace ID is123456
, your second domain isdbc-dp-123456.cloud.databricks.com
.If you will need to access account console use from that network, also allow traffic to:
accounts.cloud.databricks.com
Update your firewall rules.
Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.