Provide a real support for integrating Web Apps with resources inside a virtual network
The current implementation of Vnet integration with Web Apps is nowhere near good enough.
1. ASE's: ASE's are fine, but the extreme cost makes it completely unrealistic to use the feature except for very large sites.
2. Point-to-Site Vnets: If my vnet is an Expressroute vnet then I have no way to connecto to it using this feature
We need a well-working and easy way of integrating webapps with vnets. The optimal solution would be a simple "yes/no" for giving the web app an ip address inside the virtual network.
We have started work on the Vnet integration for Linux sites. The feature is currently in preview.
I will update this status as the engineering team progresses.
Is this feature still in preview? I see no reference to VNets within App Service for Containers / Linux, under the networking tab. The tab is greyed out at the app plan level.
I would suggest that the vNET integration needs to support inbound traffic. The current vNET integration is outbound only. A couple of reasons for this is we would like to require that developers connect to a VPN in order to connect to FTP to satisfy a MFA requirement. IP restrictions do not work as there is no way to restrict FTP access to particular IP addresses while allowing HTTP access from the internet. Additionally we'd like to inspect HTTP traffic by routing it through a network security virtual appliance. Ideally the app service should be assigned an internal IP address on your vNET so you can do both of those things as if they were running on a virtual machine within the vNET.
Markus Zack commented
we want to use the new vnet integration feature for our Dev Environment.
We need information at which time the vnet peering and route tables for the subnet will be support.
Can you provide this information?
Petter Lindgren commented
It's not professional to have the sql firewall open to all Azure services.
Matt Psaltis commented
Thought I'd retest this today to see if anything has changed, still needed to leave the SQL Server firewall rules set to on for all azure services.
Roku Error Help commented
I really appreciate your idea Roku Error Help will support you https://rokuerrorhelp.com/
Agreed with the comment below. It seems pointless at the moment as you still have to have the firewall open to all Azure services. When will an update be provided? Thanks,
What's the status on this? I set up a test environment today exactly as mentioned in the linked video (https://youtu.be/hTsspH9hzec?t=432) and while it works, it requires the database to still be open to all Azure services, which seems to defeat the point of having it and an app service attached to the same vnet.
Is this supported in the UK yet? If not, is there a date for it?
Found a link:
Web Apps can be attached to a virtual network (with a private IP - and not using a VPN).
The Web App can talk to service endpoints via the virtual network. (eg; use Azure SQL database).
Preview in East US/North Europe
Worldwide by late October (no production workloads yet)
GA time frame not talked about
Can you please share the link to the new feature that enable the service end point for App Service?
Any link to the Ignite announcement regarding this?
Shahid Iqbal commented
I didn't see any announcement at Ignite? Or am I missing something
Costa Christodoulou commented
Did anything get announced?
I am eagerly waiting for it.
Excellent news!! Will this feature allow outgoing WebApp traffic to be passed through a NVA with UDR rules?
Excellent!!! Have been getting around it by putting storage and sql in a different region than the app service and using public ip filtering.
Absolutely. Your own document describes the required setup as "This ON setting is probably more open than you want your SQL Database to be."
critical requirement to not open up SQL databases more than necessary
We really need this for basic security.
We use a SQL Azure database and not being able to limit the SQL Azure firewall to just our app service is a terrible limitation - instead we have to open SQL Azure to "All of azure". A solution that allows me to put the Web App on a VNET for internal traffic would work. Basic security..
After connecting an Azure function to a VNet using VNet integration, there is not an easy way to view what IP address was assigned from the IP pool. You can only view the allocated IPs used and guess which ones might be assigned to the any particular Azure function.
I too support the request to fix this issue.