Azure App Service has 2 types of outbound IP addresses:
- Outbound IP Address:
- Additional Outbound IP address:
I would like to know from the whitelisting perspective, which category do I need to use in my firewall?
2
votes
1 Answers
3
votes
As far as I know, you should whiteliste the Additional Outbound IP addresses:
An App Service app runs in an App Service plan, and App Service plans are deployed into one of the deployment units in the Azure infrastructure (internally called a webspace). Each deployment unit is assigned up to five virtual IP addresses, which includes one public inbound IP address and four outbound IP addresses. All App Service plans in the same deployment unit, and app instances that run in them, share the same set of virtual IP addresses. For an App Service Environment (an App Service plan in Isolated tier), the App Service plan is the deployment unit itself, so the virtual IP addresses are dedicated to it as a result.
Because you're not allowed to move an App Service plan between deployment units, the virtual IP addresses assigned to your app usually remain the same, but there are exceptions.
So for some exceptions like if you scale your app between tier, one or more of the four outbound IP addresses may change (with some of the additional outbound IP addresses) See: When outbound IPs change
