Funtion App routed through vnet NATGateway not using static outbound IP

Tom 1 Reputation point
2022-11-07T14:48:34.703+00:00

Hi,

I'm building a function app in azure and for whitelisting purposes I need to ensure a static outbound IP.
I have setup a vnet with a NAT-Gateway containing a static public IP, however when i check the list of outbound IP addresses in my function app is my static ip + several other addresses belonging to the serverfarm.
When I test my function app, the ip used is never the static ip i created.

How do I force all traffic through my static ip?

Best regards,

Tom

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,321 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,178 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
964 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,956 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andriy Bilous 10,981 Reputation points MVP
    2022-11-07T15:24:21.453+00:00

    Did you try to add an application setting WEBSITE_VNET_ROUTE_ALL set to a value of 1?
    This setting forces outbound traffic through the virtual network and associated NAT gateway.
    Without this setting, internet traffic isn't routed through the integrated virtual network, and you'll see the same outbound IPs.

    https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-nat-gateway

  2. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2022-11-07T15:27:59.42+00:00

    Hi,

    Can you make sure that you are forcing all outbound traffic of function app to the vnet as mentioned in the below doc ?

    https://learn.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-nat-gateway#update-function-configuration

    Regards,
    Karthik Srinivas

    0 comments
  3. Tom 1 Reputation point
    2022-11-07T15:49:24.53+00:00

    Update, the code I was using to check the outbound ip got the ip from a header in the http call, this somehow gave me other ip's than a python ip api.
    Using that api, it did return my static ip, so i assume it was a problem in the code.

    Thanks for the responses!

    0 comments