CodeBreaker

Reputation: 13

Could not successfully network Frontend and API App Service by using private endpoints and VNet integration

I have these subnets under my virtual network

On one of my App Services (API), I enabled the private endpoints using the inbound-subnet in the Networking tab > Inbound Traffic so I can restrict access to it via the internet.

And on my other App Service (Frontend), I enabled the VNet integration using the outbound-subnet in the Network tab > Outbound Traffic.

My main goal here is to expose the App Service (Frontend) on the internet and only allow the App Service (API) to be called by the App Service (Frontend).

After configuring all of these settings, I was able to achieve the following:

  1. The App Service (API) is not accessible via the internet anymore
  2. The App Service (Frontend) is still accessible on the internet

The problem that I am encountering right now is that the App Service (Frontend) cannot call the API endpoints of the App Service (API), and I am getting this error:

403 Ip Forbidden

I don't know what is wrong with my configuration, and I am fairly new to Azure. I hope someone can guide me on how I can do this. Thank you!

Edit:

For additional information, I am using the App Service Plan Production P1V2 SKU/Pricing Tier.

Upvotes: 0

Views: 698

Answers (1)

Imran

Reputation: 5540

I tried to reproduce the same in my environment and got the results below.

I created one App Service with a private endpoint on the inbound subnet and another App Service with VNet integration on the outbound subnet.

When I accessed the URL, I got the same error.

Try to access the private endpoint via an application gateway. I added both App Services as the backend pool.

Try to add a backend setting and a health probe, and create a virtual machine.

Create a bastion to connect securely to the virtual machine for testing the private endpoint. When I connected with the bastion, I got a successful result.

Run PowerShell or cmd and enter nslookup <webapp-name>.azurewebsites.net.

Reference:

Tutorial: Connect to a web app using an Azure Private endpoint - Azure Private Link | Microsoft Learn

Upvotes: 0
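
The nslookup check from the answer above can be scripted. This is an added example, not code from the question or the answer. It assumes that, with the private endpoint's DNS working, the app's name resolves to an address inside the virtual network; the sample output, host names and the 10.0.0.0/16 range are constructed.

```python
import ipaddress

# Constructed nslookup output as seen from a VM inside the virtual network.
SAMPLE_INSIDE_VNET = """\
Server:  UnKnown
Address:  168.63.129.16

Non-authoritative answer:
Name:    example-api.privatelink.azurewebsites.net
Address:  10.0.1.4
Aliases:  example-api.azurewebsites.net
"""

# Constructed output for the same name resolved to a public address.
SAMPLE_PUBLIC = """\
Server:  dns.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    waws-prod-xx-000.cloudapp.example
Address:  203.0.113.20
Aliases:  example-api.azurewebsites.net
          example-api.privatelink.azurewebsites.net
"""


def answer_addresses(nslookup_output):
    """Return the IP addresses found in the answer part of nslookup output."""
    # The first block describes the DNS server itself, so skip it.
    _, _, answer = nslookup_output.partition("\n\n")
    found = []
    for token in answer.split():
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # labels and host names are not addresses
    return found


def resolves_privately(nslookup_output, vnet_cidr):
    """True only if every answered address lies inside the VNet range."""
    vnet = ipaddress.ip_network(vnet_cidr)
    addrs = answer_addresses(nslookup_output)
    # An empty answer (lookup failed) counts as not private.
    return bool(addrs) and all(a in vnet for a in addrs)


if __name__ == "__main__":
    for label, text in (("inside VNet", SAMPLE_INSIDE_VNET), ("public", SAMPLE_PUBLIC)):
        print(label, "->", resolves_privately(text, "10.0.0.0/16"))
```

A False result from the calling side means requests to that name go to the public address rather than to the private endpoint.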
