0

I have external App Service Environment (ASE) with three web apps (A,B,C) deployed inside. Is it possible to limit the external access (from internet - I want to access them only when connected to the VNet with P2S/S2S VPN) to two of the web apps (A,B), while the other web app (C) is publicly accessible from internet through Azure WAF? If this is possible, how NSGs configuration may look like?

I understand that it is possible to deploy ILB ASE, but I want to minimize the number of deployed ASEs and If possible to achieve this segregation of access with one ASE. enter image description here

DevUser
  • 751
  • 2
  • 8
  • 26
  • External ASE is with VIP on an external IP address. AFAIK it is not possible to configure NSG on external IP. So, for this scenario, you have to use ILB ASE with the VIP on an internal IP address. If you need an ILB ASE, you can create an ASE by itself: https://learn.microsoft.com/en-us/azure/app-service/environment/create-external-ase#create-an-ase-by-itself. – Swikruti Bose May 14 '18 at 09:18
  • What about external ASE with IP-based SSL addresses. I'm finding references explaining that is possible to assign IP-base SSL address to web app inside ASE, afterwards configure NSGs based on these. Unfortunately there is no much detail information around this, only references here and there. :( – DevUser May 16 '18 at 11:54
  • Slide 14 in this deck https://8gportalvhdsf9v440s15hrt.blob.core.windows.net/ignite2017/session-presentations/BRK3204.PPTX – DevUser May 16 '18 at 12:04

0 Answers0