Share via

Is it possible to get the local IP for an Azure Function app when it's using a Standard App Service Plan with a configured VNet?

Frode Fuglestad 21 Reputation points
2020-08-25T11:12:05.98+00:00

We have setup a Virtual Network Gateway and connect a Site-To-Site connection with a on-premise server, plan is to allow the Azure Function to reach a database server within the on-premise environment.
Whats stopping us now is that we cannot find the local IP of the Azure Function app thats a required input to whitelist the service for talking with the database server by configuring the on-premise firewall.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,814 questions
Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,490 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,556 questions
Accepted answer
  1. Didier3001 986 Reputation points Microsoft Employee
    2020-08-26T09:36:18.937+00:00

    Hi @Frode Fuglestad

    You will find all the possible outbound IP addresses for your own App Services in the properties as shown on the screenshot below:
    20419-appserviceip.jpg

    These are the IP addresses that you should whitelist.

    --I hope this helps. Please Accept it as an answer and "Up-Vote" the answer or message(s) that helped you so that it can help others in the community looking for help on similar topics

    Regards,
    Didier3001

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JayaC-MSFT 5,531 Reputation points
    2020-08-26T14:40:16.827+00:00

    @Frode Fuglestad you can check this document and I believe this will help you in this case : web-sites-integrate-with-vnet
    However, as per my understanding you have configured VNet gateway integration, you are using Point to Site from Function to the VNet Gateway and then onto Site To Site, so lets focus on the On-premises resources section of the document and we need to consider two points as highlighted:

    20542-image.png

    In this scenario you will be using the IP Address from the VNet Subnet that the Function app is allocated to as the Source IP and not the Public Outbound address.

    e.g. In the subnet you can have a small address range to check ( in the screenshot it has 6 ips in that range - small range has been used for testing purpose but you need to choose the range according to the architecture) . In the destination resource, with the help of netmon trace you can verify the source ip. [Note : this is tested with regional VNet integration]

    20991-image.png

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.