Azure PaaS service - Internet Access egress path

Sumeetha Mogasati 126 Reputation points
2022-12-02T20:19:58.58+00:00

Hi,

Please confirm whether access to the Internet from an Azure PaaS service traverses to virtual networks and egress out of the virtual hub core firewall?

Like to understand how the traffic flows in a standard topology.

Thanks

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
578 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,181 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 23,181 Reputation points Microsoft Employee
    2022-12-08T00:01:05.433+00:00

    @Sumeetha Mogasati ,

    Apologies for the delayed response here.

    Depending on how your PaaS services are integrated within the VNET. Like for example based on this architecture where Azure App service and Azure SQL are integrated in a VNET using Private Endpoints you can secure both ingress and egress traffic using an Azure Firewall.
    268413-image.png

    Please let me know if you have any additional questions here.

    0 comments
  2. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2022-12-26T09:09:20.61+00:00

    Hi,

    By default, any PaaS service you deploy will take its own service IP to egress out to Internet. For example, in App service you can see the outbound IPs listed which it takes to egress out to Internet.

    If you need to flow via VNET, then you will need to make some modifications on the respective PaaS resource to flow via VNET, where you will need to add some route table to force traffic via Firewall / NVA.

    Regards,
    Karthik Srinivas

    0 comments