1
votes

I have an Azure app service with a web job that grabs data from a web service. The networking properties show that the webjob has a few outbound IPs, which are public Azure IP addresses.

I know that the web service app can be configured to route traffic through a VNET; however, it's not clear to me if the IP is translated to a local IP in the VNET, or if the Azure public IP remains. This obviously has implications if there are firewalls on the network that block external IPs. Would this also mean that the return route could be over the internet rather than through the network? (Especially if the traffic ends up going down a VPN and outside of Azure - surely a 40.something public Azure address would then force a return over the internet, which may not always be possible.)

1
Do you mean you block some public IP addresses, then use the web app to communicate with those IPs, and you want to make sure the firewall will block the network traffic from the blocked IPs or not? - Jason Ye

I'd like to know if the connectivity to the VNET has any IP address translation. Or if the public internet IP is preserved. I think this might cause an issue when using this with a VPN as I'm not sure how the return path would know to use the VPN rather than route over the internet. - Neil P

In Azure, we can't force internet network traffic through P2S and S2S VPN, and the public IP address will not be translated to an internal IP address. - Jason Ye

I'm thinking about communicating with a local service - in this instance there is no internet connectivity, which is why the public IP used by the web job may be a problem. - Neil P

1 Answer

0
votes

> it's not clear to me if the IP is translated to a local IP in the VNET, or if the Azure public IP remains.

As far as I know, when we use a public IP address to communicate with the internet, the public IP address will not be translated to an internal IP.

> I think this might cause an issue when using this with a VPN as I'm not sure how the return path would know to use the VPN rather than route over the internet.

When we use Azure P2S or S2S VPN, we can't force the internet traffic through the VPN tunnel.
