I've got all the resources I need. I put my web service inside an app service environment, then attached the NSG to the subnet that the app service environment uses. I then allowed apps inside the VNET to communicate with the web service, but it doesn't work properly. Exactly what security rules do I need?
2 Answers
You probably want an ILB ASE instead, since there's no point in exposing your App Service Environment through a VIP (Public IP) if all you care about is accessing it from inside your Virtual Network.
An ASE can be deployed with an internet-accessible endpoint or with an IP address in your VNet. In order to set the IP address to a VNet address, you need to deploy your ASE with an Internal Load Balancer (ILB).
When your ASE is configured with an ILB you provide:
- your own domain or subdomain, but you can configure it either way
- the certificate used for HTTPS
- DNS management for your subdomain
In return, you can do things such as:
- host intranet applications, like line of business applications, securely in the cloud which you access through a Site to Site or ExpressRoute VPN
- host apps in the cloud that are not listed in public DNS servers
- create internet isolated backend apps which your front end apps can securely integrate with

Assuming your WebApp is used on the public network (Internet) and the WebService is inside an Azure VM/Service.
You have to create rules allowing traffic to your WebService, inbound to the specific port you are using, like:
- Name: AllowInternetInbound
- Priority: AnyNumberBelowYourDenyAll (100 is a good example)
- SourceIP: INTERNET (use the TAG option)
- SourcePort: *
- DestinationIP: YourWebServiceIP
- Port: YourWebServicePort or *
- Protocol: http or https
- Access: Allow
Documentation: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
If you post how your app and config currently are, maybe we can see if there's anything missing.
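Added example, not part of either answer: a minimal Python model of how an NSG selects the inbound rule (lowest priority number first, first match wins), showing why the allow rule's priority must be a lower number than a custom deny-all. The VNet range, IP addresses, rule names and the simplified handling of the `Internet` tag are constructed assumptions, and protocol matching is left out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample value (assumption): address space of the VNet.
VNET = ipaddress.ip_network("10.0.0.0/16")

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # '*', a service tag, or a CIDR prefix
    port: str       # '*' or a single destination port
    access: str     # 'Allow' or 'Deny'

def in_source(src_ip, source):
    """Match a source IP against '*', a service tag, or a CIDR prefix."""
    ip = ipaddress.ip_address(src_ip)
    if source == "*":
        return True
    if source == "VirtualNetwork":
        return ip in VNET
    if source == "Internet":   # simplified here: anything outside the VNet
        return ip not in VNET
    return ip in ipaddress.ip_network(source)

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) for the first matching inbound rule."""
    for r in sorted(rules, key=lambda r: r.priority):
        if in_source(src_ip, r.source) and r.port in ("*", str(dst_port)):
            return r.access, r.name
    return "Deny", "no-match"   # nothing matched: treat as denied

# Hypothetical rule sets: same rules, only the allow rule's priority differs.
DENY_ALL = Rule("DenyAll", 4000, "*", "*", "Deny")
GOOD = [Rule("AllowVnetInbound", 100, "VirtualNetwork", "443", "Allow"), DENY_ALL]
BAD = [Rule("AllowVnetInbound", 4096, "VirtualNetwork", "443", "Allow"), DENY_ALL]

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD)):
        for src in ("10.0.1.4", "203.0.113.7"):   # in-VNet and outside client
            print(label, src, evaluate(rules, src, 443))
```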