You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/virtual-network-encryption-overview.md
+15-13Lines changed: 15 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,20 +66,22 @@ Virtual network encryption is supported in the following scenarios:
66
66
| VMs in the same virtual network (including virtual machine scale sets and their internal load balancer) | Supported on traffic between VMs from these [SKUs](#requirements). |
67
67
| Virtual network peering | Supported on traffic between VMs across regional peering. |
68
68
| Global virtual network peering | Supported on traffic between VMs across global peering. |
69
-
| VM to Azure VPN Gateway | Supported on Dv5 VM SKUs (SKU not controlled by user). |
70
-
| VM to Azure Application Gateway | Not supported <sup>1</sup>. |
71
-
| VM to Azure Firewall | Not supported <sup>1</sup>. |
69
+
| VM to Azure VPN Gateway | Supported on traffic with gateways that use Dv5 SKU instances <sup>1</sup>. |
70
+
| VM to Azure Application Gateway | Not supported <sup>2</sup>. |
71
+
| VM to Azure Firewall | Not supported <sup>2</sup>. |
72
72
| Azure Kubernetes Service (AKS) | - Supported on AKS using Azure CNI (regular or overlay mode), Kubenet, or BYOCNI: node and pod traffic will be encrypted.<br> - Partially supported on AKS using Azure CNI Dynamic Pod IP Assignment (podSubnetId specified): node traffic will be encrypted, but pod traffic won't be encrypted.<br> - Traffic to the AKS managed control plane egresses from the virtual network and thus isn't in scope for virtual network encryption. However, this traffic is always encrypted via TLS. |
73
-
| Azure App Service | Not supported <sup>1</sup>. |
74
-
| Azure SQL Database | Not supported <sup>1</sup>. |
75
-
| Azure Storage | Not supported <sup>1</sup>. |
76
-
| Azure Functions Premium | Not supported <sup>1</sup>. |
77
-
| Private Endpoint | Not supported <sup>1</sup>. |
78
-
| Azure NetApp Files | Not supported <sup>1</sup>. |
79
-
| VM to ExpressRoute gateway | Not supported <sup>1</sup>. |
80
-
| VM to internet (using public IP address or load balancer) | Not supported <sup>1</sup>. |
81
-
82
-
<sup>1</sup> Data flows unencrypted in these scenarios.
73
+
| Azure App Service | Not supported <sup>2</sup>. |
74
+
| Azure SQL Database | Not supported <sup>2</sup>. |
75
+
| Azure Storage | Not supported <sup>2</sup>. |
76
+
| Azure Functions Premium | Not supported <sup>2</sup>. |
77
+
| Private Endpoint | Not supported <sup>2</sup>. |
78
+
| Azure NetApp Files | Not supported <sup>2</sup>. |
79
+
| VM to ExpressRoute gateway | Not supported <sup>2</sup>. |
80
+
| VM to internet (using public IP address or load balancer) | Not supported <sup>2</sup>. |
81
+
82
+
<sup>1</sup> SKU not controlled by user.
83
+
84
+
<sup>2</sup> Data flows unencrypted in these scenarios.
83
85
84
86
> [!NOTE]
85
87
> VM to PaaS injected services requires onboarding of the PaaS services to support encryption using supported VM SKUs.
0 commit comments