Apologies for the late response here! Just checking if you are still facing the issue. Based on the information you provided, it seems like you have taken several steps to enable communication between your Web App and your Production environment. However, it looks like you are experiencing some issues with SSH and port 2222. It's important to note that Web Apps do not allow SSH access by default. You will need to enable SSH access in the Web App's configuration settings. Additionally, you may need to configure your firewall rules to allow traffic on port 2222. If you are still experiencing issues after enabling SSH access and configuring your firewall rules, it may be helpful to review your network security group rules to ensure that they are properly configured to allow traffic between your Web App and your Production environment. Let me know if you have any further questions or concerns.
Azure Network Issue
Gugu Sambo 1 Reputation point
We have the Azure environment with a hosted Fortinet firewall which connects back to the Production environment via IPsec.
At this stage this is the only secure way to have Azure talk to Prod.
We have now received requests to create Web App services and have them talk back to Prod. There is also one for a SQL instance, but I believe the same concept applies.
What I have done so far:
- Redid the VNET for the Web App to get away from the default 10.0.0.0/16 address space. It is now 10.17.0.0/16.
- Created 2x subnets 10.17.0.0/24 and 10.17.1.0/24 for the incoming and outgoing traffic. This was created with the Web App wizard.
- Created a default network security group allowing default virtual network traffic on the above subnets.
- Set up peering between this 10.17.0.0/16 VNET and the VNET attached to the Azure Fortigate.
- Attached the routing to subnets to route all traffic to Azure Fortigate IP.
- Created a static route on the Fortigate firewall for 10.17.0.0/16.
- Created test policy allowing traffic between 10.17.0.0/16 and 10.13.15.0/24 (Also Azure hosted VNet)
- I did not know this, but Web Apps do not allow ping by default. I was able to tcpping ports 80 and 443 from 10.13.15.4 to the private endpoint IP for the Web App, 10.17.0.4.
- But SSH and port 2222 are not working.
- When I disable the below (aka allowing public access), I can use Azure to open an SSH connection and open the DNS site.
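A small TCP probe for the reachability test described in the question, added here as an example and not part of the original post. It separates a port that answers from one that is refused (the path works but nothing listens) and one that is silently dropped (a rule or route on the way); the function names are hypothetical, and the target address and ports are taken from the question.

```python
import socket

# Constructed from the question: the Web App's private endpoint and the
# ports probed from 10.13.15.4.
TARGET = "10.17.0.4"
PORTS = (80, 443, 2222)

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - handshake completed, a listener answered
    refused  - a reset came back: the path works, nothing listens there
    filtered - no reply before the timeout: dropped by an NSG rule, a
               firewall policy or a missing return route
    error    - local failure such as "no route to host"
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"

def survey(host, ports, timeout=3.0):
    """Probe each port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def diagnose(results):
    """Turn the per-port states into a hint about where to look next."""
    states = set(results.values())
    if states == {"open"}:
        return "all ports reachable"
    if "open" in states and "filtered" in states:
        return "path works; filtered ports are dropped by a rule or not exposed"
    if "refused" in states:
        return "host reachable; no listener on refused ports"
    return "no port answered; check routes, peering and firewall policy"

if __name__ == "__main__":
    results = survey(TARGET, PORTS)
    for port, state in results.items():
        print(f"{TARGET}:{port} {state}")
    print(diagnose(results))
```

Run it from the same source host used for the tcpping test so the result reflects the same route table and firewall policy.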
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
1 answer
SnehaAgrawal-MSFT 22,691 Reputation points Moderator
2023-04-04T14:43:31.6533333+00:00