miksingh
Jan 07, 2022

Azure Private Endpoint

Hi,

I was looking at private endpoints for various PaaS services, such as storage (file services). However, I realized that NSGs are not in GA.

This was disappointing. For instance, I set up a lab with a storage account and Azure Files and enabled a private endpoint. My lab had the following setup:

VNET-A: 10.1.2.0/23 with Subnet-1 10.1.3.0/26

The storage account private link NIC was on 10.1.3.4

VNET-B: 10.1.5.0/24 with Subnet-2 10.1.5.96/27

A Server 2019 VM was on 10.1.5.100

Using private link, I can mount the storage account and access it over SMB; however, there is no way to block inbound access to the file share, for example using an NSG on the Subnet-A. My understanding is that this is a public preview feature only?

However, if I use the storage account 'firewall and virtual network settings' rather than the 'private endpoint connections' settings, I can use the 'allow access from > selected networks' option to allow or block access to the Azure Files storage.

I am wondering what benefit the private endpoint feature offers if NSG support is not in GA?
