![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 77%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,179 questions
Hi @alexmass,
I'll do my best to address your questions.
Security?
Both will restrict what traffic makes its way to your app service. Your app service will only respond to traffic you designated, whether it's IP or Service Endpoint
Networking? (path used by requests sent to application gateway)
Using Service Endpoint will gain advantage as the traffic request traverses the Azure backbone, see https://learn.microsoft.com/en-us/azure/app-service/networking/app-gateway-with-service-endpoints#integration-with-app-service-multi-tenant. When it comes to VIP, I'm not exactly sure if there's any efficiencies, but I would error to say no. More than likely, the traffic will out to the internet and back in from a routing standpoint. You could circumvent this by using a private endpoint on the App Service.
Pricing ?
Your costs will come from the SKUs of the App Gateway and App Service. From what you've stated, I don't think you will need a private endpoint; see https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint, but there is a cost associated if you go that route.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 32%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)