0

We have two applications. One application exists behind an on-premise site's firewall. It communicates with our second application, a service app that operates a REST API in the Azure cloud.

My question relates to the on-premise firewall. The service app in the Azure cloud has a single static inbound IP address. It also has a slew of outbound IP addresses. I plan to whitelist the Azure service app's inbound IP address. Do I also need to whitelist the outbound IP addresses?

(Does the REST API's response go through the outbound IP, or does the response travel back through another mechanism.)

StinkySocks
  • 101
  • 2

1 Answers1

0

Ordinarily you would not need to whitelist anything outbound as most firewalls allow outbound connections from any host by default. In the case of a REST API you should not need to whitelist the outbound, even if your firewall is set to block all outbound, because most times the response will be made along the same connection that made the query. If a separate connection is needed for the response, the firewall generally will have retained enough state to know that the query connection inbound between these hosts was allowed, so the outbound response between the same two hosts will also be allowed.

tsc_chazz
  • 905
  • 3
  • 14