We need to whitelist app service Outbound trafic IP's. Are they static or dynamic ?

Narasimha Kolla - DSV 61 Reputation points
2023-07-28T12:18:22.94+00:00

App service end point consumed by external application should be safe guarded from unauthorized access. To secure these end points, they asked that we provide the range of IP addresses that would consume these end points. Are we ok to provide them with the Outbound IP's, so they can whitelist it on their end? These outbound IP address are static or change dynamically ?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,992 questions
{count} votes

1 answer

Sort by: Most helpful
  1. TP 126.7K Reputation points Volunteer Moderator
    2023-07-28T12:52:11.4766667+00:00

    Hi Narasimha,

    Sometimes the outbound IP can be one that is not included in the list of possible outbound IPs. To combat this you can use VNet integration with Azure NAT Gateway so that you will have a static public IP:

    Azure NAT Gateway integration

    https://learn.microsoft.com/en-us/azure/app-service/networking/nat-gateway-integration

    Below article provides information on how IP addresses work with App Service, when they change, etc. When reading, please keep in mind what I mentioned above regarding outbound IP addresses not listed in possibleOutboundIPaddresses being used, since it is key reason why I'm suggesting you use NAT Gateway.

    Inbound and outbound IP addresses in Azure App Service

    https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips

    Please click Accept Answer if the above is helpful. If something is unclear or you have questions, please add a comment below.

    Thanks.

    -TP

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.