We deploy to Azure app services and to ensure secure traffic between each service they are configured with out bound traffic on a virtual network subnet. Each app service must have it's own subnet, which is understandable, but to allow the app services to communicate we are having to add inbound ip restrictions for each subnet, on each app service.
As all the subnets for all the app services within an environment are on the same virtual network we were expecting the traffic to route between the subnets. In that way by connecting each app service to an out bound subnet and allowing traffic back in on that subnet it would also allow traffic from the other subnets of the virtual network.
I've read here Azure: Routing between subnets a response that state "Azure routes traffic between all subnets within a virtual network, by default. You can create your own routes to override Azure's default routing." but that does not appear to be happening for us.
Is there a setting we need to change or a route that must be added to allow us to have a single inbound rule from the virtual network that allows all traffic from all subnets of the virtual network.
We are splitting our process into micro app services but this is making security of inter-app traffic complex as each time we add an app service we must update all others with an additional inbound rule before it can communicate.
We also have a similar issue with managing access to the azure sql database where we have connected the sql to a subnet in the virtual network but traffic from the app services cannot access over that subnet.
Any advice please?
