Azure Web App VNet integration

prasantc 926 Reputation points
2023-09-08T06:16:36.6066667+00:00

I am trying to connect to an on-prem DB from Azure, but it is not allowed as the Azure web app outbound uses a public IP to traverse.

I enabled VNet integration and it still does not appear to be connecting to the DB. Is there a way to force the internal path instead of the external one?

The client is not going to allow an exception for all MS public IPs. Or I may have to convince them to allow a service tag to allow traffic in the VNet integration.


Accepted answer
  1. TP 90,151 Reputation points
    2023-09-09T23:28:08.01+00:00

    Hi,

    Please verify that the FQDN of the on-premises database server is resolving to a private IP from within the app service. To do this, navigate to the app service in the portal, Development tools -- Advanced tools blade -- click Go. When the Kudu site opens, click Debug console -- CMD. In the command prompt, enter a command similar to the one below:

    nameresolver <DatabaseServerFQDN>

    The output should show the private IP address of the database server, not the public IP. If it shows the public IP then you need to make some changes to the DNS configuration. The exact changes are going to depend on your specific environment and needs. If you post the output of nameresolver and provide details on the environment, I can recommend what changes need to be made.

    Please click Accept Answer if the above was helpful.

    Thanks.

    -TP
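
A scripted version of the check described in the accepted answer, as an added example that is not part of the original thread: it resolves a name with the system resolver and reports whether every returned address is private. It assumes Python is available where the app runs; `db.corp.example`, `db.example.com` and the sample addresses are constructed.

```python
import ipaddress
import socket
import sys

# RFC 1918 (IPv4) and unique-local (IPv6) space: where a server reached over
# a private path is expected to live.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def classify(addr):
    """Return 'private', 'public' or 'other' for one IP address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "other"
    return "public"


def resolve(fqdn):
    """Resolve with the system resolver, as the application itself would."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check(fqdn, resolver=resolve):
    """Return (verdict, {address: class}); resolver is injectable for tests."""
    try:
        classes = {a: classify(a) for a in resolver(fqdn)}
    except socket.gaierror:
        return "unresolved", {}
    if not classes:
        return "unresolved", classes
    if any(c == "public" for c in classes.values()):
        return "public", classes      # DNS hands out a public address
    if all(c == "private" for c in classes.values()):
        return "private", classes     # every answer is a private address
    return "other", classes


if __name__ == "__main__":
    # Constructed sample answers, used when no name is given on the command line.
    sample = {"db.corp.example": ["10.20.30.40"], "db.example.com": ["203.0.113.10"]}
    if len(sys.argv) > 1:
        print(sys.argv[1], *check(sys.argv[1]))
    else:
        for name in sample:
            print(name, *check(name, sample.__getitem__))
```

A `public` verdict corresponds to the case the answer describes, where the DNS configuration needs changing.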


2 additional answers

  1. Deepanshukatara-6769 8,940 Reputation points
    2023-09-08T07:06:38.37+00:00

    Hope you are doing good

    Azure Static Web Apps primarily hosts static web content and doesn't provide direct integration with on-premises databases or other on-premises resources. However, if you need to connect from your Azure Static Web App to an on-premises database, you will typically need to go through a few steps to set up the connectivity securely; the steps performed by you are the same.

    And yes, Azure service tag. Alternatively, as you mentioned, allowing traffic from the VNet integration could be a more secure option.

    Please accept if it helps


  2. Deepanshukatara-6769 8,940 Reputation points
    2023-09-09T06:09:04.8666667+00:00

    Then for your use case the best solution is to control outbound traffic with Azure Firewall; please find the attached doc for the step-by-step process: https://learn.microsoft.com/en-us/azure/app-service/network-secure-outbound-traffic-azure-firewall

    Also, make sure to have the DNS entry for Azure Firewall in your DNS if needed.

    Please accept the answer; it may help you for sure.

    Thanks!

