API Management service and network security group

zhengzhao liu 0 Reputation points

I am preparing to create an API Management service. APIM uses the stv2 version, virtual network and internal mode. At the same time, I need to create a network security group, binding it to the subnet where the API is located. I noticed a rule in outbound that its destination IP must be the internet. Without this, my APIM cannot be used. I would like to ask why outbound must be connected to the internet?

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

1 answer

  1. MuthuKumaranMurugaachari-MSFT 22,236 Reputation points

    zhengzhao liu Thanks for posting your question in Microsoft Q&A. For stv2 Internal VNET mode, we recommend the following minimum NSG rules, and I couldn't find the requirement for outbound connectivity to the Internet. Here is the doc reference: Configure NSG rules.

    So, I don't think outbound to the internet is required since your backend APIs are within the subnet. If you can share where it was mentioned as required, that would be helpful. If you are force tunneling traffic to an on-premises firewall, then check out https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2#force-tunnel-traffic-to-on-premises-firewall-using-expressroute-or-network-virtual-appliance as well. I hope this helps and let me know if you have any questions.
