Skip to content

Commit 597349a

Browse files
KarlEricksonKarlErickson
committed
edits
1 parent ad2d184 commit 597349a

File tree

2 files changed

+16
-16
lines changed

2 files changed

+16
-16
lines changed

articles/spring-apps/how-to-configure-palo-alto.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ The rest of this article assumes you have the following two pre-configured netwo
5353

5454
Next, create three CSV files.
5555

56-
Name the first file *AzureSpringAppsServices.csv*. This file should contain ingress ports for Azure Spring Apps. The values in the following example are for demonstration purposes only. For all of the required values, see the [Azure Spring Apps network requirements](./vnet-customer-responsibilities.md#azure-spring-apps-network-requirements) section of [Customer responsibilities for running Azure Spring Apps in a virtual network](./vnet-customer-responsibilities.md).
56+
Name the first file *AzureSpringAppsServices.csv*. This file should contain ingress ports for Azure Spring Apps. The values in the following example are for demonstration purposes only. For all of the required values, see the [Azure Global required network rules](./vnet-customer-responsibilities.md#azure-global-required-network-rules) section of [Customer responsibilities for running Azure Spring Apps in a virtual network](./vnet-customer-responsibilities.md).
5757

5858
```CSV
5959
name,protocol,port,tag
@@ -64,7 +64,7 @@ ASC_445,tcp,445,AzureSpringApps
6464
ASC_123,udp,123,AzureSpringApps
6565
```
6666

67-
Name the second file *AzureSpringAppsUrlCategories.csv*. This file should contain the addresses (with wildcards) that should be available for egress from Azure Spring Apps. The values in the following example are for demonstration purposes only. For up-to-date values, see [Azure Spring Apps FQDN requirements/application rules](./vnet-customer-responsibilities.md#azure-spring-apps-fqdn-requirementsapplication-rules).
67+
Name the second file *AzureSpringAppsUrlCategories.csv*. This file should contain the addresses (with wildcards) that should be available for egress from Azure Spring Apps. The values in the following example are for demonstration purposes only. For up-to-date values, see the [Azure Global required FQDN / application rules](./vnet-customer-responsibilities.md#azure-global-required-fqdn--application-rules) section of [Customer responsibilities for running Azure Spring Apps in a virtual network](./vnet-customer-responsibilities.md).
6868

6969
```CSV
7070
name,description

articles/spring-apps/vnet-customer-responsibilities.md

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -27,20 +27,20 @@ By default, Azure Spring Apps has unrestricted outbound (egress) internet access
2727
The following list shows the resource requirements for Azure Spring Apps services. As a general requirement, you shouldn't modify resource groups created by Azure Spring Apps and the underlying network resources.
2828

2929
- Don't modify resource groups created and owned by Azure Spring Apps.
30-
- By default, these resource groups are named as `ap-svc-rt_[SERVICE-INSTANCE-NAME]_[REGION]*` and `ap_[SERVICE-INSTANCE-NAME]_[REGION]*`.
30+
- By default, these resource groups are named `ap-svc-rt_<service-instance-name>_<region>*` and `ap_<service-instance-name>_<region>*`.
3131
- Don't block Azure Spring Apps from updating resources in these resource groups.
3232
- Don't modify subnets used by Azure Spring Apps.
3333
- Don't create more than one Azure Spring Apps service instance in the same subnet.
3434
- When using a firewall to control traffic, don't block the following egress traffic to Azure Spring Apps components that operate, maintain, and support the service instance.
3535

3636
## Azure Global required network rules
3737

38-
| Destination Endpoint | Port | Use | Note |
39-
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
40-
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | Information of service instance "requiredTraffics" could be known in resource payload, under "networkProfile" section. |
41-
| \*.azurecr.io:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling *Azure Container Registry* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
42-
| \*.core.windows.net:443 and \*.core.windows.net:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling *Azure Storage* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
43-
| \*.servicebus.windows.net:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling *Azure Event Hubs* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
38+
| Destination endpoint | Port | Use | Note |
39+
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
40+
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | For information about the service instance `requiredTraffics`, see the resource payload, under the `networkProfile` section. |
41+
| \*.azurecr.io:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling the *Azure Container Registry* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
42+
| \*.core.windows.net:443 and \*.core.windows.net:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling the *Azure Storage* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
43+
| \*.servicebus.windows.net:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling the *Azure Event Hubs* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
4444

4545
## Azure Global required FQDN / application rules
4646

@@ -58,16 +58,16 @@ Azure Firewall provides the FQDN tag **AzureKubernetesService** to simplify the
5858

5959
## Microsoft Azure operated by 21Vianet required network rules
6060

61-
| Destination Endpoint | Port | Use | Note |
62-
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
63-
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | Information of service instance "requiredTraffics" could be known in resource payload, under "networkProfile" section. |
64-
| \*.azurecr.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling *Azure Container Registry* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
65-
| \*.core.chinacloudapi.cn:443 and \*.core.chinacloudapi.cn:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling *Azure Storage* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
66-
| \*.servicebus.chinacloudapi.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling *Azure Event Hubs* [service endpoint in virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
61+
| Destination endpoint | Port | Use | Note |
62+
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
63+
| \*:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureCloud:443 | TCP:443 | Azure Spring Apps Service Management. | For information about the service instance `requiredTraffics`, see the resource payload, under the `networkProfile` section. |
64+
| \*.azurecr.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - AzureContainerRegistry:443 | TCP:443 | Azure Container Registry. | Can be replaced by enabling the *Azure Container Registry* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
65+
| \*.core.chinacloudapi.cn:443 and \*.core.chinacloudapi.cn:445 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - Storage:443 and Storage:445 | TCP:443, TCP:445 | Azure Files | Can be replaced by enabling the *Azure Storage* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
66+
| \*.servicebus.chinacloudapi.cn:443 *or* [ServiceTag](../virtual-network/service-tags-overview.md#available-service-tags) - EventHub:443 | TCP:443 | Azure Event Hubs. | Can be replaced by enabling the *Azure Event Hubs* [service endpoint in the virtual network](../virtual-network/virtual-network-service-endpoints-overview.md). |
6767

6868
## Microsoft Azure operated by 21Vianet required FQDN / application rules
6969

70-
Azure Firewall provides the FQDN tag **AzureKubernetesService** to simplify the following configurations:
70+
Azure Firewall provides the FQDN tag `AzureKubernetesService` to simplify the following configurations:
7171

7272
| Destination FQDN | Port | Use |
7373
|------------------------------------|-----------|------------------------------------------------------------------------------|

0 commit comments

Comments
 (0)