mac
Reputation: 335
Azure Bastion Service - Any reason why the connection between the Azure portal and the bastion subnet is over the internet? `
Any reason why the connection between the Azure portal and the bastion subnet is over the internet? I guess that's why you need a public IP for the bastion service but ideally it would be a service endpoint over the Azure backbone. In the image below you see that SSL traffic is going over the Internet from the portal to the Bastion Service subnet, ideally this would be using a private IP and over the Microsoft backbone and not the internet. Perhaps there is a way to mimic this behavior with a VPN or some sort of gateway. Thanks for any answers.
Upvotes: 0
Views: 437
Answers (1)
silent
Reputation: 16178
Ok, I think there are two misconceptions here:
- All traffic between Azure resources, even when they go over public endpoints (IPs), do indeed stay on the Microsoft network/backbone. But, since they are public endpoints, this is still defined as "Internet" - even though it is not routed somewhere else in between
- For Bastion in specific: Once you start a Bastion connection from the Azure Portal in your Browser, usually a new window/tab opens with a new address, which is not portal.azure.com. So your client directly connects there over the internet, not through the Azure portal.
I hope this makes it more clear.
Upvotes: 1
Related Questions
- Azure - Application Gateway without public IP
- Is Azure Bastion able to connect via transitive peering?
- Why does the Azure Virtual Network Express Route Gateway require public IP?
- Azure Application Gateway: Why when i hit its Public IP, i redirect to "<app_service_url>:80"?
- What's the point of outbound IP addresses in an Azure App Service?
- What determines the outbound ip addresses in my app service in Azure?
- Unable to connect through virtual machine via Azure Bastion
- Azure Bastion - access VMs across peered networks?
- Azure Back end app services with no public ip