App Service Outbound connectivity not routing through VNET

Syed Munaz 0 Reputation points
2024-03-09T06:07:11.6033333+00:00

I have configured Key Vault with "allow public access from VNet and specific IP address" and added the subnet delegated to App Service.

I created an App Service with VNet integration, and the outbound traffic to Key Vault is still going through public and not through the VNet.

Tried:

1. Created a route table in the App Service delegated subnet to go through the firewall, and allowed firewall rules from App Service to Key Vault.

2. Created an application configuration to force traffic to the VNet, setting WEBSITE_VNET_ROUTE_ALL to 1.

Note: my Key Vault doesn't have a private endpoint, and I want App Service to go through the service endpoint and access Key Vault secrets.


1 answer

  1. Paul den Haan 0 Reputation points
    2024-03-10T19:18:12.03+00:00

    Hi Syed Munaz,

    To be able to reach the Key Vault privately, you need the private endpoint on the Key Vault. The Key Vault gets a private IP address and you can refer to it from your App Service.

    If you want to use the name of the Key Vault, you need to add a private DNS zone for Key Vaults and associate the private endpoint with the DNS zone.
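
A configuration check for the setup described in the question, added here as an example and not part of the original question or answer: it verifies that the vault firewall lists the integration subnet, that the subnet carries the Microsoft.KeyVault service endpoint and the App Service delegation, and that WEBSITE_VNET_ROUTE_ALL is set. The function name `check_service_endpoint_path` is hypothetical, and the input dicts are constructed samples assumed to follow the JSON shape of Azure CLI output.

```python
# Added example. Dicts are constructed samples shaped like the JSON from
# `az keyvault show`, `az network vnet subnet show` and
# `az webapp config appsettings list`; every name and ID is a placeholder.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
             "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/snet-appsvc")
VAULT = {"properties": {"networkAcls": {
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.10/32"}],
    # Constructed with different casing than the subnet's own ID on purpose.
    "virtualNetworkRules": [{"id": SUBNET_ID.lower()}]}}}
SUBNET = {"id": SUBNET_ID,
          "serviceEndpoints": [{"service": "Microsoft.KeyVault"}],
          "delegations": [{"serviceName": "Microsoft.Web/serverFarms"}]}
APP_SETTINGS = [{"name": "WEBSITE_VNET_ROUTE_ALL", "value": "1"}]


def check_service_endpoint_path(vault, subnet, app_settings):
    """Hypothetical helper: list what is missing for the service endpoint path."""
    findings = []
    acls = vault.get("properties", {}).get("networkAcls") or {}
    if acls.get("defaultAction") != "Deny":
        findings.append("vault firewall default action is not Deny")
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    allowed = {r["id"].lower() for r in acls.get("virtualNetworkRules") or []}
    if subnet["id"].lower() not in allowed:
        findings.append("subnet is not in the vault's virtualNetworkRules")
    endpoints = {e["service"].lower() for e in subnet.get("serviceEndpoints") or []}
    if "microsoft.keyvault" not in endpoints:
        findings.append("subnet has no Microsoft.KeyVault service endpoint")
    delegated = {d["serviceName"].lower() for d in subnet.get("delegations") or []}
    if "microsoft.web/serverfarms" not in delegated:
        findings.append("subnet is not delegated to Microsoft.Web/serverFarms")
    settings = {s["name"]: s["value"] for s in app_settings}
    if settings.get("WEBSITE_VNET_ROUTE_ALL") != "1":
        findings.append("WEBSITE_VNET_ROUTE_ALL is not 1")
    return findings


if __name__ == "__main__":
    for finding in check_service_endpoint_path(VAULT, SUBNET, APP_SETTINGS) or ["no findings"]:
        print(finding)
```

With a service endpoint the vault is still addressed at its public endpoint; what changes is that the vault firewall identifies the request as coming from the subnet.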

