Update api-management-howto-integrate-internal-vnet-appgateway.md

simonkurtz-MSFT · web-flow · commit c7529409b848 · 2021-09-27T14:45:39.000-04:00
Add required second inbound App Gateway NSG rule that is Internet-specific.
diff --git a/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md b/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md
@@ -133,9 +133,12 @@ Create network security groups and NSG rules for the Application Gateway and API
 ```powershell
 $appGwRule1 = New-AzNetworkSecurityRuleConfig -Name appgw-in -Description "AppGw inbound" `
     -Access Allow -Protocol * -Direction Inbound -Priority 100 -SourceAddressPrefix `
-    GatewayManager -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443,65200-65535
+    GatewayManager -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 65200-65535
+$appGwRule2 = New-AzNetworkSecurityRuleConfig -Name appgw-in-internet -Description "AppGw inbound Internet" `
+    -Access Allow -Protocol "TCP" -Direction Inbound -Priority 110 -SourceAddressPrefix `
+    Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
 $appGwNsg = New-AzNetworkSecurityGroup -ResourceGroupName $resGroupName -Location $location -Name `
-    "NSG-APPGW" -SecurityRules $appGwRule1
+    "NSG-APPGW" -SecurityRules $appGwRule1, $appGwRule2
 
 $apimRule1 = New-AzNetworkSecurityRuleConfig -Name apim-in -Description "APIM inbound" `
     -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
