Commit a40b353

Update concepts-networking.md
1 parent c93aebe commit a40b353

1 file changed

+9
-0
lines changed

articles/postgresql/flexible-server/concepts-networking.md

Lines changed: 9 additions & 0 deletions
@@ -58,9 +58,15 @@ Here are some concepts to be familiar with when you're using virtual networks wi
5858

5959
Your flexible server must be in a subnet that's *delegated*. That is, only Azure Database for PostgreSQL - Flexible Server instances can use that subnet. No other Azure resource types can be in the delegated subnet. You delegate a subnet by assigning its delegation property as `Microsoft.DBforPostgreSQL/flexibleServers`.
6060
The smallest CIDR range you can specify for the subnet is /28, which provides sixteen IP addresses, however the first and last address in any network or subnet can't be assigned to any individual host. Azure reserves five IPs to be utilized internally by Azure networking, which include two IPs that cannot be assigned to host, mentioned above. This leaves you eleven available IP addresses for /28 CIDR range, whereas a single Flexible Server with High Availability features utilizes 4 addresses.
61+
For Replication and Azure AD connections please make sure Route Tables do not affect traffic.A common pattern is route all outbound traffic via an Azure Firewall or a custom / on premise network filtering appliance.
62+
If the subnet has a Route Table associated with the rule to route all traffic to a virtual appliance:
63+
* Add a rule with Destination Service Tag “AzureActiveDirectory” and next hop “Internet”
64+
* Add a rule with Destination IP range same as PostgreSQL subnet range and next hop “Virtual Network”
65+
6166

6267
> [!IMPORTANT]
6368
> The names `AzureFirewallSubnet`, `AzureFirewallManagementSubnet`, `AzureBastionSubnet`, and `GatewaySubnet` are reserved within Azure. Don't use any of these as your subnet name.
69+
> For Azure Storage connection please make sure PostgreSQL delegated subnet has Service Endpoints for Azure Storage in the region of the VNet. The endpoints are created by default, but please take care not to remove these manually.
6470
6571
* **Network security group (NSG)**. Security rules in NSGs enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces. For more information, see the [NSG overview](../../virtual-network/network-security-groups-overview.md).
6672

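Review bot: The bullets added at new lines 63-64 carve exceptions out of the "route all outbound traffic" rule described at line 61, and the one for the AzureActiveDirectory service tag uses next hop "Internet", which means that traffic no longer passes through the firewall or filtering appliance. The text should say in one sentence that this bypass is intentional and limited to that service tag and to the PostgreSQL subnet's own range, so readers do not widen it. Smaller points in the same hunk: line 61 is missing a space in "traffic.A common pattern" and should read "is to route" and "on-premises"; the literal values in 63-64 are in curly quotes where the paragraph above uses backticks for `Microsoft.DBforPostgreSQL/flexibleServers`; and the sentence added at 69 sits directly under the reserved-subnet-names line inside the same `[!IMPORTANT]` block with no separating `>` line, so it will render as one paragraph with an unrelated topic. Give the Azure Storage service endpoint note its own paragraph or callout, and say what depends on it.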
@@ -142,6 +148,9 @@ By default DNS name resolution is scoped to a virtual network. This means that a
142148

143149
In order to resolve this issue, you must make sure clients in VNET1 can access the Flexible Server Private DNS Zone. This can be achieved by adding a [virtual network link](../../dns/private-dns-virtual-network-links.md) to the Private DNS Zone of your Flexible Server instance.
144150

151+
152+
153+
145154
### Unsupported virtual network scenarios
146155

147156
Here are some limitations for working with virtual networks:
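Review bot: New lines 151-153 are three empty lines inserted before the `### Unsupported virtual network scenarios` heading, where a blank line already exists at 150. They change nothing in the rendered page and are unrelated to the routing text in the first hunk, so drop them from this commit.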
