question

FrodeFuglestad-8065 avatar image
0 Votes"
FrodeFuglestad-8065 asked JayaC-MSFT commented

Is it possible to get the local IP for an Azure Function app when it's using a Standard App Service Plan with a configured VNet?

We have setup a Virtual Network Gateway and connect a Site-To-Site connection with a on-premise server, plan is to allow the Azure Function to reach a database server within the on-premise environment.
Whats stopping us now is that we cannot find the local IP of the Azure Function app thats a required input to whitelist the service for talking with the database server by configuring the on-premise firewall.

azure-functionsazure-vpn-gatewayazure-webapps-vnet
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@FrodeFuglestad-8065 Let us know if the answer provided has helped in this case. Please 'Accept as answer' and ‘Up-vote’ if it helped so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·

@FrodeFuglestad-8065 I haven't heard back from you. Please let me know if the answered provided helped in this case.

0 Votes 0 ·

@FrodeFuglestad-8065 Please let us know if you had a chance to check the answer provided and confirm if that helps in this case.

0 Votes 0 ·
didier3001 avatar image
1 Vote"
didier3001 answered

Hi @FrodeFuglestad-8065

You will find all the possible outbound IP addresses for your own App Services in the properties as shown on the screenshot below:
20419-appserviceip.jpg


These are the IP addresses that you should whitelist.

--I hope this helps. Please Accept it as an answer and "Up-Vote" the answer or message(s) that helped you so that it can help others in the community looking for help on similar topics

Regards,
Didier3001




appserviceip.jpg (82.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JayaC-MSFT avatar image
0 Votes"
JayaC-MSFT answered JayaC-MSFT edited

@FrodeFuglestad-8065 you can check this document and I believe this will help you in this case : web-sites-integrate-with-vnet
However, as per my understanding you have configured VNet gateway integration, you are using Point to Site from Function to the VNet Gateway and then onto Site To Site, so lets focus on the On-premises resources section of the document and we need to consider two points as highlighted:

20542-image.png


In this scenario you will be using the IP Address from the VNet Subnet that the Function app is allocated to as the Source IP and not the Public Outbound address.

e.g. In the subnet you can have a small address range to check ( in the screenshot it has 6 ips in that range - small range has been used for testing purpose but you need to choose the range according to the architecture) . In the destination resource, with the help of netmon trace you can verify the source ip. [Note : this is tested with regional VNet integration]

20991-image.png

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.



image.png (82.0 KiB)
image.png (20.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.