How to fix outbound IPs for App Service
Published May 04 2021 10:05 AM 15.1K Views
Microsoft

App Service is one of Azure Compute services categorized as PaaS Platform and has been offered since early days of Microsoft Azure. App Service is continuously improved since it had been released. Now, App Service offers container orchestrator for both Windows and Linux, VNET integration, and many other useful features to leverage Azure platform.

On the other hand, PaaS services are offered as multi-tenant shared services, which might pose challenges for integration with external services or legacy applications. As one of such challenges, external services sometimes require to fix IP address of an application. In this article, we will configure to fix outbound IPs of your App Service.

 

App Service Environment was only option to fix outbound IPs on App Service use cases, but App Service Environment is expensive for only fix outbound IPs. Outbound IPs of App Service are provided from Azure platform as follows, but the IPs might changes as random. Refer to Inbound and outbound IP addresses in Azure App Service for the detail.

daisami_0-1620117755181.png

 

This is a sample architecture for a use case to fix outbound IPs for App Service. NAT Gateway resource and VNet Integration feature of App Service are required to fix outbound IPs. 

daisami_0-1620116452111.png

Here are steps to configure it like the following:

  1. Create VNET and NAT Gateway
  2. Associate NAT Gateway to a subnet 
  3. Enable VNet Integration
  4. Setup WEBSITE_VNET_ROUTE_ALL = 1
  5. Check outbound IP with Kudu

You can setup to fix outbound IP on your App Service by following this post. NAT Gateway usage also brings other great benefit that you can avoid intermittent outbound connection errors caused by SNAT ports.

 

1. Create VNET and NAT Gateway

Follow Quickstart: Create a virtual network using the Azure portal to create a VNET.  Next, Create NAT Gateway by following Tutorial: Create a NAT gateway using the Azure portal. It's required to specify Public IP like below and the Public IP will be an outbound IP for your App Service.

daisami_2-1620117141032.png

 

2. Associate NAT Gateway to a subnet 

It's required to integrate your App Service with VNET to utilize NAT Gateway, so visit your NAT Gateway and choose "Subnets" menu from left side. Choose a subnet which your will enable VNet Integration for your App Service in later.

daisami_3-1620117390926.png

 

3. Enable VNet Integration

Visit your App Service and enable VNet Integration by choosing a subnet which you have already associated NAT Gateway.

daisami_1-1620117996877.png

 

4. Setup WEBSITE_VNET_ROUTE_ALL = 1

Next, it's also required to route all your outbound traffic to your VNET, so visit your App Service and choose configuration menu from left side. Put WEBSITE_VNET_ROUTE_ALL = 1 like below. Refer to Integrate your app with an Azure virtual network for the detail.

daisami_2-1620118481867.png

 

5. Check outbound IP with Kudu

App Service offers Kudu. Kudu is a very useful feature especially development scenarios. Open Kudo on your App Service and run commands as follow to check that returned IP is same with Public IP on your NAT Gateway.

daisami_1-1620119284693.png

 

Version history
Last update:
‎Jul 12 2022 09:15 PM
Updated by: