Forum Discussion

calej1990's avatar
calej1990
Copper Contributor
Jul 14, 2021

Configure and verify Vnet in Azure

I have created a Virtual Network next to its subnet and integrated it into three service applications and created the rule on the firewall of my SQL Azure server.

Everything is in the same Azure subscription and region

I need to know if it is enough to direct all the traffic between these instances through the virtual network or do I need to configure some other aspect.

And how can I query the data traffic to verify that the virtual network is being used?

I am using a subscription with: 1 Resource Group 1 App Service 2 App Service 1 DB 1 Resource Group 1 App Service 1 DB 1 Vnet Everything is in the same region of Az. I want all traffic between resources to be through the Vnet. And also, monitor the traffic to verify the correct operation of the Vnet. 

Thank you!

1 Reply

  • Let's prepare below to ensure traffic between App Services and Azure SQL flows through the VNet:

    1. VNet Integration for App Services
      • Use Regional VNet Integration (not Gateway-required) for each App Service.
      • Confirm that each App Service is integrated with the same VNet and subnet.
    2. Private Endpoint for Azure SQL
      • Create a Private Endpoint for your Azure SQL Database.
      • This ensures traffic from App Services to SQL stays within the VNet and avoids public IP routing.
    3. Private DNS Zone
      • Link a Private DNS Zone to your VNet for privatelink.database.windows.net.
      • This allows App Services to resolve the SQL server name to its private IP.
    4. Firewall Rules
      • On the SQL server, disable “Allow Azure services” and only allow traffic from your VNet.

     

    For Monitor and Verify VNet Traffic

    1. Network Watcher
      • Use Network Watcher > Connection Monitor to track traffic between App Services and SQL.
      • You can set up probes to verify connectivity and latency.
    2. NSG Flow Logs
      • Enable Network Security Group (NSG) Flow Logs on the subnet.
      • This records traffic flow and can be analyzed in Azure Monitor or Storage.
    3. Azure Monitor Metrics
      • Use App Service diagnostics to check outbound traffic patterns.
      • SQL metrics can show connection sources—look for private IPs from your VNet.
    4. Azure Log Analytics
      • Connect your resources to a Log Analytics workspace.
      • Use KQL queries to inspect traffic and confirm private endpoint usage.

Resources