articles/app-service/environment/firewall-integration.md (7 additions & 2 deletions)
@@ -4,7 +4,7 @@ description: Learn how to integrate with Azure Firewall to secure outbound traff
4
4
author: ccompy
5
5
ms.assetid: 955a4d84-94ca-418d-aa79-b57a5eb8cb85
6
6
ms.topic: article
7
-
ms.date: 08/31/2019
7
+
ms.date: 01/14/2020
8
8
ms.author: ccompy
9
9
ms.custom: seodec18
10
10
@@ -51,10 +51,14 @@ The steps to lock down egress from your existing ASE with Azure Firewall are:
51
51
52
52
![Add application rule][1]
53
53
54
-
1. From the Azure Firewall UI > Rules > Network rule collection, select Add network rule collection. Provide a name, priority, and set Allow. In the Rules section, provide a name, select **Any**, set * to Source and Destination addresses, and set the ports to 123. This rule allows the system to perform clock sync using NTP. Create another rule the same way to port 12000 to help triage any system issues.
54
+
1. From the Azure Firewall UI > Rules > Network rule collection, select Add network rule collection. In the provide a name, priority, and set Allow. In the Rules section under IP addresses, provide a name, select a ptocol of **Any**, set * to Source and Destination addresses, and set the ports to 123. This rule allows the system to perform clock sync using NTP. Create another rule the same way to port 12000 to help triage any system issues.
55
55
56
56
![Add NTP network rule][3]
57
+
58
+
1. From the Azure Firewall UI > Rules > Network rule collection, select Add network rule collection. Provide a name, priority, and set Allow. In the Rules section under Service Tags , provide a name, select a protocol of **Any**, set * to Source addresses, select a service tag of Azure Monitor and set the ports to 80, 443. This rule allows the system to supply Azure Monitor with health and metrics information.
57
59
60
+
![Add NTP service tag network rule][6]
61
+
58
62
1. Create a route table with the management addresses from [App Service Environment management addresses](https://docs.microsoft.com/azure/app-service/environment/management-addresses) with a next hop of Internet. The route table entries are required to avoid asymmetric routing problems. Add routes for the IP address dependencies noted below in the IP address dependencies with a next hop of Internet. Add a Virtual Appliance route to your route table for 0.0.0.0/0 with the next hop being your Azure Firewall private IP address.
59
63
60
64
![Creating a route table][4]
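Review bot: The rewritten NTP step (the `+` line replacing "Provide a name, priority, and set Allow") has two wording errors that will ship to readers: "In the provide a name, priority, and set Allow" is missing its subject (suggest "Provide a name, priority, and set Allow." as in the original line), and "select a ptocol of **Any**" should read "select a protocol of **Any**". In the new Azure Monitor step, "under Service Tags ," has a stray space before the comma, and the alt text of the new image, `![Add NTP service tag network rule][6]`, says NTP although the rule it illustrates is the Azure Monitor service-tag rule; consider "Add Azure Monitor service tag network rule". Since that rule only opens ports 80 and 443, a protocol of TCP would be tighter than **Any**, which also permits UDP to those ports. Finally, the `[6]` link reference is new in this file, so confirm the image definition for `[6]` is added alongside the existing `[1]`, `[3]`, and `[4]` definitions at the end of the article.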
@@ -371,3 +375,4 @@ For US Gov you still need to set service endpoints for Storage, SQL and Event Hu