Reputation: 190
When to choose IP Whitelisting over VNet peering?
To connect two VNets or more together, VNet peering can be used. However, I noticed that in my organization, some are using NSGs to whitelist IP addresses between VNets. Is there an advantage or best practices regarding that?
Upvotes: 0
Views: 446
Answers (1)
Reputation: 1054
Whitelisting IPs is usually not recommended when you can avoid doing so, following Zero Trust pattern.
Depending on your constraints and organization rules, you might want to leverage VNet Peering with a Hub-and-Spoke topology (or not) or even Private Link across VNets/regions for PaaS (or VMs behind a Load Balancer) to make sure traffic is flowing via the Microsoft backbone and not via the Internet, IP spoofing being a common attack.
I would always refer to the Microsoft Well-Architected Framework for such questions.
Upvotes: 1
Related Questions
- Share a VNet across subscriptions?
- One Azure vNET peering with multiple vnets that are using the same address space
- Azure vnet peering: property "remoteAddressSpace" unclear
- Does peering between vnets create congestion?
- Subnet to subnet peering in azure
- Vnet peering not getting deleted in azure
- Azure Vnet Peering
- I can't access resources in peered VNet
- Azure VNet Peering with multiple subscription in mutiple AD. Possible?