0
votes

When configuring API Management inside a VNET one can choose between External and Internal.

My goal is to allow external traffic into API Management. But when requests are made from other services within the VNET or from services that are on-premise and are using Express Route, those calls should not be routed over the public internet. Those calls should be routed directly to the APIM instance inside the VNET.

Is the above possible using the External mode? Or do I then need to set it to Internal and use an Application Gateway to expose the endpoint for external traffic?

1 Answers

0
votes

For the setup you've described, you should use Internal on APIM and the VNet. Then all internal traffic should be routed via VNets/VPN. For the external traffic, you should consider using a WAF with a VNet UDR to route through to APIM.
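
An added example, not part of the answer above: a Bicep fragment that deploys API Management in Internal mode, so the gateway is reachable only on a private IP inside the VNet. The resource name, parameters and SKU are placeholder assumptions; a WAF or Application Gateway for external traffic would use the private IP from the output as its backend.

```bicep
// Added example. All names and parameter values are placeholders (assumptions).
param location string = resourceGroup().location
param apimName string          // hypothetical APIM instance name
param apimSubnetId string      // resource ID of the subnet dedicated to APIM
param publisherEmail string
param publisherName string

resource apim 'Microsoft.ApiManagement/service@2022-08-01' = {
  name: apimName
  location: location
  sku: {
    name: 'Developer'          // assumed tier for this sketch
    capacity: 1
  }
  properties: {
    publisherEmail: publisherEmail
    publisherName: publisherName
    // 'External' keeps a public gateway endpoint while the instance sits in the VNet.
    // 'Internal' exposes the gateway only on a private IP, so calls from the VNet
    // or from on-premises over the private connection never leave the private network.
    virtualNetworkType: 'Internal'
    virtualNetworkConfiguration: {
      subnetResourceId: apimSubnetId
    }
  }
}

// Private IP(s) of the gateway: the backend target for the WAF in front,
// and the address internal DNS records for the APIM hostnames must resolve to.
output gatewayPrivateIps array = apim.properties.privateIPAddresses
```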