Azure function in App service plan

Question

Hi
I have app service plan associated with Virtual network, and i have NSG with few inbound and OB rules.
I have azure function running in App service plan mentioned above
In Azure function i am interacting with the On premise SqlServer,
In order to all Inbound and Out Bound traffic from On premise SqlServer what are the Inbound and Outbound rules i need to Setup.

Answer 1

Hello @Amar-Azure-Practice

If you're setting up a site-to-site connection over VPN (which requires gateway subnet), you shouldn't need to add NSG rules: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub

Here's a video showing the step-by-step process: https://www.youtube.com/watch?v=-URamOOYg38

Answer 2

Hi Mike,

We are not using the Site to Site VPN, we are opening on premise firewall to receive traffic from Azure.
and we want Azure Functions need to read data from on premise database.

when we tested this application locally, it is working but when we deploy to Azure we are having some connectivity issues.

Answer 3

Hey @Amar-Azure-Practice - So, in order to establish a secure, reliable connection between your on-prem network and the Azure VNET (which your Function App runs inside of, in one of the subnets), you'll need to set up a site-to-site configuration, ideally. For more info on this guidance, please review: Connect an on-premises network to a Microsoft Azure virtual network

Alternatively, you can explore using Hybrid Connections, or On-Premise Data Gateway in conjunction with Logic Apps which can call your Function App as well.

If configurations involving VNETs seem overkill and you're not processing resource-intensive heavy payload, I would definitely go with a combination of On-Premise Data Gateway, Logic Apps, and Functions App option.