Share via

Azure Function Outbound Internet Access and Service Endpoints

Scott White 0 Reputation points
2025-02-14T16:17:05.1033333+00:00

Hi,

I have an Azure Function which is VNET integrated into a subnet which has service endpoints enabled for Microsoft.Web. The Function is configured with Outbound Internet Traffic enabled through the VNET, the subnet has a NAT Gateway attached.

The Function app is making outbound calls to another service hosted on azurewebsites.net but not ran by ourselves, they want to whitelist our NAT Gateway IP. This setup has worked fine for external services not hosted on Azure but our calls on their side are originating from our private 10. IP range.

Is it the service endpoints causing this issue and what can we do to resolve? We cannot disable service endpoints on the Function subnet but require that this traffic leave via the NAT Gateway to give us a static IP for whitelisting.

Thanks

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,911 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,762 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sai Prabhu Naveen Parimi 2,265 Reputation points Microsoft External Staff Moderator
    2025-02-14T18:27:18.01+00:00

    Scott White

    Welcome to Microsoft Q&A Platform!

    Thank you for bringing this issue to our attention. We understand that you are experiencing problems with your Azure Function's outbound traffic. Here are a few steps you can take to resolve the issue:

    1. Disable Service Endpoints for Specific Traffic: If possible, configure your Azure Function to use the NAT Gateway for outbound traffic to the specific service on azurewebsites.net. This might involve adjusting your routing rules or using a different subnet without service endpoints for this specific traffic.
    2. Use Regional VNET Integration: Ensure that your function app is configured for regional virtual network integration, which allows it to reach Azure services secured with service endpoints while still routing other traffic through the NAT Gateway.
    3. Review App Settings: Verify that your function app settings are configured correctly. For example, the WEBSITE_VNET_ROUTE_ALL setting should be set to 1 to ensure all outbound traffic goes through the VNET

    For more detailed information, you can refer to the following document:

    https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options?tabs=azure-portal#connecting-to-azure-services-through-a-virtual-network

    We hope these steps help resolve the issue. If you need further assistance, please let us know.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.