Merge pull request #189739 from madsd/natgateway

hmacgregor1 · web-flow · commit 06abf0fd2b6d · 2022-02-25T07:14:20.000-08:00
nat gateway limitations
diff --git a/articles/app-service/networking/nat-gateway-integration.md b/articles/app-service/networking/nat-gateway-integration.md
@@ -26,34 +26,36 @@ For more information and pricing. Go to the [NAT gateway overview](../../virtual
 :::image type="content" source="./media/nat-gateway-integration/nat-gateway-overview.png" alt-text="Diagram shows Internet traffic flowing to a NAT gateway in an Azure Virtual Network.":::
 
 > [!Note] 
-> Using NAT gateway with App Service is dependent on regional VNet Integration, and therefore **Standard**, **Premium**, **PremiumV2** or **PremiumV3** App Service plan is required.
+> * Using NAT gateway with App Service is dependent on virtual network integration, and therefore **Standard**, **Premium**, **PremiumV2** or **PremiumV3** App Service plan is required.
+> * When using NAT gateway together with App Service, all traffic to Azure Storage must be using private endpoint or service endpoint.
+> * NAT gateway cannot be used together with App Service Environment v1 or v2.
 
 ## Configuring NAT gateway integration
 
 To configure NAT gateway integration with App Service, you need to complete the following steps:
 
-* Configure regional VNet Integration with your app as described in [Integrate your app with an Azure virtual network](../overview-vnet-integration.md)
-* Ensure [Route All](../overview-vnet-integration.md#routes) is enabled for your VNet Integration so the Internet bound traffic will be affected by routes in your VNet.
-* Provision a NAT gateway with a public IP and associate it with the VNet Integration subnet.
+* Configure regional virtual network integration with your app as described in [Integrate your app with an Azure virtual network](../overview-vnet-integration.md)
+* Ensure [Route All](../overview-vnet-integration.md#routes) is enabled for your virtual network integration so the Internet bound traffic will be affected by routes in your virtual network.
+* Provision a NAT gateway with a public IP and associate it with the virtual network integration subnet.
 
 Set up NAT gateway through the portal:
 
-1. Go to the **Networking** UI in the App Service portal and select VNet Integration in the Outbound Traffic section. Ensure that your app is integrated with a subnet and **Route All** has been enabled.
-:::image type="content" source="./media/nat-gateway-integration/nat-gateway-route-all-enabled.png" alt-text="Screenshot of Route All enabled for VNet Integration.":::
+1. Go to the **Networking** UI in the App Service portal and select virtaul network integration in the Outbound Traffic section. Ensure that your app is integrated with a subnet and **Route All** has been enabled.
+:::image type="content" source="./media/nat-gateway-integration/nat-gateway-route-all-enabled.png" alt-text="Screenshot of Route All enabled for virtual network integration.":::
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**. The **New** window appears.
 1. Search for "NAT gateway" and select it from the list of results.
 1. Fill in the **Basics** information and pick the region where your app is located.
 :::image type="content" source="./media/nat-gateway-integration/nat-gateway-create-basics.png" alt-text="Screenshot of Basics tab in Create NAT gateway.":::
 1. In the **Outbound IP** tab, create a new or select an existing public IP.
 :::image type="content" source="./media/nat-gateway-integration/nat-gateway-create-outbound-ip.png" alt-text="Screenshot of Outbound IP tab in Create NAT gateway.":::
-1. In the **Subnet** tab, select the subnet used for VNet Integration.
+1. In the **Subnet** tab, select the subnet used for virtual network integration.
 :::image type="content" source="./media/nat-gateway-integration/nat-gateway-create-subnet.png" alt-text="Screenshot of Subnet tab in Create NAT gateway.":::
 1. Fill in tags if needed and **Create** the NAT gateway. After the NAT gateway is provisioned, click on the **Go to resource group** and select the new NAT gateway. You can to see the public IP that your app will use for outbound Internet-facing traffic in the Outbound IP blade.
 :::image type="content" source="./media/nat-gateway-integration/nat-gateway-public-ip.png" alt-text="Screenshot of Outbound IP blade in the NAT gateway portal."::: 
 
-If you prefer using CLI to configure your environment, these are the important commands. As a prerequisite, you should create a Web App with VNet Integration configured.
+If you prefer using CLI to configure your environment, these are the important commands. As a prerequisite, you should create an app with virtual network integration configured.
 
-Ensure **Route All** is configured for your VNet Integration (*Note*: minimum `az version` required is 2.27):
+Ensure **Route All** is configured for your virtual network integration:
 
 ```azurecli-interactive
 az webapp config set --resource-group [myResourceGroup] --name [myWebApp] --vnet-route-all-enabled
@@ -67,7 +69,7 @@ az network public-ip create --resource-group [myResourceGroup] --name myPublicIP
 az network nat gateway create --resource-group [myResourceGroup] --name myNATgateway --public-ip-addresses myPublicIP --idle-timeout 10
 ```
 
-Associate the NAT gateway with the VNet Integration subnet:
+Associate the NAT gateway with the virtual network integration subnet:
 
 ```azurecli-interactive
 az network vnet subnet update --resource-group [myResourceGroup] --vnet-name [myVnet] --name [myIntegrationSubnet] --nat-gateway myNATgateway
@@ -80,6 +82,7 @@ The same NAT gateway can be used across multiple subnets in the same Virtual Net
 NAT gateway supports both public IP addresses and public IP prefixes. A NAT gateway can support up to 16 IP addresses across individual IP addresses and prefixes. Each IP address allocates 64,000 ports (SNAT ports) allowing up to 1M available ports. Learn more in the [Scaling section](../../virtual-network/nat-gateway/nat-gateway-resource.md#scale-nat) of NAT gateway.
 
 ## Next steps
+
 For more information on the NAT gateway, see [NAT gateway documentation](../../virtual-network/nat-gateway/nat-overview.md).
 
-For more information on VNet Integration, see [VNet Integration documentation](../overview-vnet-integration.md).
+For more information on virtual network integration, see [Virtual network integration documentation](../overview-vnet-integration.md).
