How to check whether a subnet is allocated to another resource in Azure using the Fluent API or management API? - azure-virtual-network

I am creating an Application Gateway using an ARM template. After the virtual network subnet is selected, I want to check that the subnet is not allocated to any other resource; if it is allocated, show a message like "Subnet must only have Application Gateway".

According to my understanding, you want to list all resources that are connected to the virtual network. If so, you can use the REST API Get Virtual Networks.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}?api-version=2020-07-01
If a subnet has been allocated to any other resource, it will return these configurations in the subnet property. For more details, please refer to here.
For example
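A worked version of the check the answer describes, added here as an example (it is not code from the original thread). It inspects the JSON returned by the Get Virtual Network call above and reports any resource other than an Application Gateway that holds addresses in the chosen subnet. The sample response, resource IDs and names are constructed placeholders; the `fetch_vnet` helper needs a real Azure AD token and network access and is not exercised by the sample.

```python
"""Check whether a subnet is allocated to anything other than an Application Gateway.

Added example (not from the original answer). It inspects the JSON returned by
the "Virtual Networks - Get" REST call shown above; the sample document below is
constructed for illustration and is not a real Azure response.
"""
import json
import urllib.request

API_VERSION = "2020-07-01"

# Subnet properties that record who holds addresses in the subnet. Names come
# from the Microsoft.Network virtualNetworks schema; anything referenced under
# one of these keys is "allocated" to the referenced resource.
ALLOCATION_PROPERTIES = (
    "ipConfigurations",                    # NICs, load balancers, Bastion, ...
    "applicationGatewayIPConfigurations",  # Application Gateways
    "privateEndpoints",
)


def build_get_vnet_url(subscription_id, resource_group, vnet_name):
    """URL of the Get Virtual Network call used by the answer above."""
    return (
        "https://management.azure.com/subscriptions/{}/resourceGroups/{}/"
        "providers/Microsoft.Network/virtualNetworks/{}?api-version={}"
    ).format(subscription_id, resource_group, vnet_name, API_VERSION)


def fetch_vnet(subscription_id, resource_group, vnet_name, bearer_token):
    """Perform the GET with an Azure AD access token (network access required)."""
    req = urllib.request.Request(
        build_get_vnet_url(subscription_id, resource_group, vnet_name),
        headers={"Authorization": "Bearer " + bearer_token},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def is_application_gateway(resource_id):
    """True if the (sub-)resource ID belongs to an Application Gateway."""
    return "/providers/microsoft.network/applicationgateways/" in resource_id.lower()


def foreign_allocations(vnet, subnet_name):
    """Return IDs of resources other than Application Gateways holding the subnet."""
    for subnet in vnet.get("properties", {}).get("subnets", []):
        if subnet["name"].lower() == subnet_name.lower():
            props = subnet.get("properties", {})
            ids = [ref["id"] for key in ALLOCATION_PROPERTIES for ref in props.get(key, [])]
            return [rid for rid in ids if not is_application_gateway(rid)]
    raise KeyError("subnet %r not found in VNet %r" % (subnet_name, vnet.get("name")))


def validate_subnet_for_app_gateway(vnet, subnet_name):
    """Return None if the subnet is free for an Application Gateway, else the message."""
    others = foreign_allocations(vnet, subnet_name)
    if others:
        return "Subnet must only have Application Gateway (also used by: %s)" % ", ".join(others)
    return None


# Constructed sample response; resource IDs are placeholders, not real deployments.
SAMPLE_VNET = {
    "name": "vnet-demo",
    "properties": {
        "subnets": [
            {
                "name": "appgw-subnet",
                "properties": {
                    "addressPrefix": "10.0.1.0/24",
                    "applicationGatewayIPConfigurations": [
                        {"id": "/subscriptions/<sub>/resourceGroups/rg-demo/providers/Microsoft.Network/applicationGateways/agw-demo/gatewayIPConfigurations/appGatewayIpConfig"}
                    ],
                },
            },
            {
                "name": "shared-subnet",
                "properties": {
                    "addressPrefix": "10.0.2.0/24",
                    "ipConfigurations": [
                        {"id": "/subscriptions/<sub>/resourceGroups/rg-demo/providers/Microsoft.Network/networkInterfaces/vm1-nic/ipConfigurations/ipconfig1"}
                    ],
                    "privateEndpoints": [
                        {"id": "/subscriptions/<sub>/resourceGroups/rg-demo/providers/Microsoft.Network/privateEndpoints/pe-storage"}
                    ],
                },
            },
        ]
    },
}

if __name__ == "__main__":
    for name in ("appgw-subnet", "shared-subnet"):
        print(name, "->", validate_subnet_for_app_gateway(SAMPLE_VNET, name) or "OK")
```

A subnet with none of the allocation properties is reported as free. The check deliberately tolerates an existing Application Gateway in the subnet, which matches the message the question wants to show; drop the `is_application_gateway` filter if the subnet must be completely empty before deployment.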

Related

No access to Azure Storage Account which has virtual network only access, despite a successful Point2Site connection to that virtual network

I want to restrict access to my Azure storage account to selected networks only (please see image).
Current network restriction setting
My current setup is as follows:
I have an Azure Storage account, with blob containers and tables.
Only selected networks can access this storage account (please see the first image above). I've selected the gateway subnet (I've tried to add other subnets within the same virtual network, to no avail).
I have selected a virtual network call. All service endpoints for this network are set up correctly ('storage-service endpoint' is 'successful'). The subnet involved is the gateway subnet.
I also have a virtual gateway which is placed inside this virtual network, with (of course) the gateway subnet assigned to it.
Subnet endpoint permission
I have a point2site VPN connection (using Azure VPN client) to connect to this virtual network from my local machine (see image below).
This connection has been set up as well, using Active Directory as the authentication method. All seems to be working correctly.
The virtual gateway to which the VPN connects can see the active connection (see image below).
Obviously, I'm doing something wrong, so any help is very much welcome!
Regards, R.
VPN connection details
I have a point2site connection to the virtual network that is granted access to this storage account (see images below).
The point2site connection looks good (see image below), but I still can't access the storage account.
Current connection in Azure VPN client
Current view of active connection to Virtual Gateway that connects to this VNet.
Any help is much appreciated!
I tried to reproduce your scenario; it is possible by setting a private endpoint on the storage account and using the Azure VPN client.
You need to create and configure a Private Endpoint in the subnet where the storage account exists.
Go to 'Private Endpoint Connection' under settings of the storage account in the Azure portal, as below:
Connected with the VNet using the Azure VPN client.
Now you can map a network drive on this PC using this format:
\\<Private IP address or FQDN>\<Filesharename>
For me there was one blockage; it errored: "Unable to reach the Azure storage account via port 445." I can't add port 445 on my system; if you have port 445 open you will be able to access the file share, and if not, add port 445 so the SMB traffic goes over this port.
Note: Temporarily disable the firewall/anti-virus installed on your computer.
Reference: https://learn.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

Is it possible to have a static inbound IP address for Azure IoT Hub

Is there any way to set up a static inbound IP for Azure IoT Hub? I'm not very experienced with networking. My client has a firewall, and it is IP based. They need to set up IP whitelisting. What would be the best way to achieve this?
The IP address prefixes of IoT Hub are subject to change. These changes are published periodically via service tags before taking effect. It is therefore important that you develop processes to regularly retrieve and use the latest service tags. This process can be automated via the service tags discovery API. Note that the Service Tags discovery API is still in preview and in some cases may not produce the full list of tags and IP addresses. Until the discovery API is generally available, consider using the service tags in downloadable JSON format.
IoT Hub IP addresses
In addition to the above, you can use an IP filter to receive traffic only from a specified range of IP addresses and reject everything else.
By default, the IP Filter grid in the portal for an IoT hub is empty. This default setting means that your hub blocks connections from all IP addresses. This default setting is equivalent to a rule that blocks the 0.0.0.0/0 IP address range.
You can follow the documentation Use IP filters for more details.
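The process the quoted guidance asks for (retrieve the latest service tags, compare them with what the firewall currently allows, and update the allow-list) can be scripted against the downloadable Service Tags JSON file. The example below is added here and is not part of the original answer; the two snapshots are constructed in the shape of that file using documentation-only address ranges (RFC 5737 and RFC 3849), not real IoT Hub prefixes, and the tag name `AzureIoTHub` is assumed to be the one you are filtering on.

```python
"""Track the AzureIoTHub service-tag prefixes and test addresses against them.

Added example, not part of the original answer. It reads the downloadable
Service Tags JSON format referenced above; the two snapshots below are
constructed with documentation-only address ranges and are not real IoT Hub
prefixes.
"""
import ipaddress


def tag_prefixes(service_tags, tag_name):
    """Collect addressPrefixes of every entry whose name matches tag_name
    (e.g. 'AzureIoTHub' for the global tag, 'AzureIoTHub.WestEurope' for a region)."""
    prefixes = set()
    for entry in service_tags.get("values", []):
        if entry.get("name", "").lower() == tag_name.lower():
            prefixes.update(entry["properties"]["addressPrefixes"])
    return sorted(prefixes)


def diff_prefixes(old, new):
    """Return (added, removed) prefix lists between two snapshots of the same tag."""
    old_set, new_set = set(old), set(new)
    return sorted(new_set - old_set), sorted(old_set - new_set)


def ip_allowed(ip, prefixes):
    """True if ip falls inside any prefix (IPv4 or IPv6) of the tag."""
    addr = ipaddress.ip_address(ip)
    networks = [ipaddress.ip_network(p) for p in prefixes]
    return any(addr in net for net in networks if net.version == addr.version)


def _snapshot(change_number, prefixes):
    """Build a constructed document in the shape of the public Service Tags file."""
    return {
        "changeNumber": change_number,
        "cloud": "Public",
        "values": [
            {
                "name": "AzureIoTHub",
                "id": "AzureIoTHub",
                "properties": {
                    "changeNumber": change_number,
                    "region": "",
                    "systemService": "AzureIoTHub",
                    "addressPrefixes": prefixes,
                },
            }
        ],
    }


# Constructed snapshots: one prefix is retired and another added between releases.
OLD_SNAPSHOT = _snapshot(100, ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:10::/48"])
NEW_SNAPSHOT = _snapshot(101, ["192.0.2.0/24", "198.51.100.128/25", "2001:db8:10::/48"])


def firewall_update(old_snapshot, new_snapshot, tag_name="AzureIoTHub"):
    """Summarise what the firewall allow-list must change when a new file is published."""
    added, removed = diff_prefixes(tag_prefixes(old_snapshot, tag_name),
                                   tag_prefixes(new_snapshot, tag_name))
    return {"add": added, "remove": removed}


if __name__ == "__main__":
    print(firewall_update(OLD_SNAPSHOT, NEW_SNAPSHOT))
    print(ip_allowed("198.51.100.3", tag_prefixes(NEW_SNAPSHOT, "AzureIoTHub")))
```

Run `firewall_update` on each newly published file against the last one you applied; an allow-list that is never refreshed silently drops traffic once a prefix is retired, which is exactly the failure the quoted note warns about.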

WCF VPN endpoint and internet endpoint

The laptops of our company have a WCF sync client installed which communicates with the server.
The data transfer works as long as they are not connected to the VPN.
When they connect to the VPN, I can make the WCF client sync again if I add the "proxyaddress" parameter to the .config file.
Question: how can I make it work in both scenarios? Is there a way the WCF client can make a "smart selection" between multiple endpoints?
This issue relates more to networking and routing than to WCF.
When we connect to the VPN, an extra virtual network interface is created on the local machine. At the same time, the local routing table is changed, which causes the internal network address to become unreachable. We can solve this by setting up a proxy address. A more general way is to set a static route on the local machine.
route add -p 172.17.10.0 mask 255.255.255.0 172.17.16.1
The first address is the destination network address; the last address is a local gateway, which is reachable through a local network interface. This causes packets sent to the destination network to leave through the specified network interface.
Here is a related link.
https://docs.oracle.com/cd/E53394_01/html/E54745/gmyag.html
Feel free to let me know if there is anything I can help with.
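To make the routing explanation concrete, here is a longest-prefix-match simulation of the three states the answer describes (LAN only, VPN connected, VPN connected plus the static route). It is an added example, not code from the original answer; the routing table entries, the LAN range 172.17.16.0/20, the tunnel addresses 10.8.0.x and the WCF server address 172.17.10.25 are all constructed, and only the static route itself comes from the answer.

```python
"""Longest-prefix-match simulation of the routing change described above.

Added example, not part of the original answer. The routing table below is
constructed: a LAN interface, a VPN adapter that pulls the whole 172.16.0.0/12
range into the tunnel, and the static route from the answer added on top.
"""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")


def parse_route(destination, mask, gateway, interface, metric):
    """Build a Route from the columns of a `route print` style table."""
    network = ipaddress.ip_network("%s/%s" % (destination, mask), strict=False)
    return Route(network, gateway, interface, metric)


def select_route(routes, dest_ip):
    """Pick the route the host would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


# Constructed table before the VPN connects: LAN on 172.17.16.0/20, default via the LAN router.
LAN_ROUTES = [
    parse_route("0.0.0.0", "0.0.0.0", "172.17.16.1", "172.17.16.50", 25),
    parse_route("172.17.16.0", "255.255.240.0", "On-link", "172.17.16.50", 281),
]

# What the VPN client adds (constructed): the whole corporate range via the tunnel adapter.
VPN_ROUTES = LAN_ROUTES + [
    parse_route("172.16.0.0", "255.240.0.0", "10.8.0.1", "10.8.0.2", 10),
]

# The persistent static route from the answer:
#   route add -p 172.17.10.0 mask 255.255.255.0 172.17.16.1
FIXED_ROUTES = VPN_ROUTES + [
    parse_route("172.17.10.0", "255.255.255.0", "172.17.16.1", "172.17.16.50", 26),
]

WCF_SERVER = "172.17.10.25"  # constructed address of the internal WCF endpoint

if __name__ == "__main__":
    tables = (("LAN only", LAN_ROUTES), ("VPN up", VPN_ROUTES), ("VPN up + static route", FIXED_ROUTES))
    for label, table in tables:
        r = select_route(table, WCF_SERVER)
        print("%-22s -> %s via %s on %s" % (label, r.network, r.gateway, r.interface))
```

The simulation shows why the /24 static route wins: it is more specific than the /12 the VPN client installs, so traffic to the WCF server leaves through the LAN interface again while everything else in 172.16.0.0/12 still goes through the tunnel.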

ACI - VNET - IP Address

I have created a Virtual Network and connected API Management to it.
I am thinking of hosting my REST API in Azure Container Instances in my VNet and then exposing those APIs in Azure API Management by configuring the IP address of the Azure Container Instance REST API as the web service URL in Azure API Management.
I have one doubt: is this the right way of doing it?
I am wondering, if the Azure Container Instance gets restarted and its IP address changes, whether my API exposed in API Management will be broken. Does the IP address change if the Azure Container Instance gets restarted for some reason?
There are some limitations for Azure Container Instances.
The IP address of a container won't typically change between updates, but it's not guaranteed to remain the same. As long as the container group is deployed to the same underlying host, the container group retains its IP address. Although rare, and while Azure Container Instances makes every effort to redeploy to the same host, there are some Azure-internal events that can cause redeployment to a different host. To mitigate this issue, always use a DNS name label for your container instances.
Terminated or deleted container groups can't be updated. Once a container group has stopped (is in the Terminated state) or has been deleted, the group is deployed as new.
However, it's a rare case that Azure Container Instances will be redeployed to a different host. Also, if you have a container instance in a VNet, you're unable to directly set a --dns-name-label value, and you can only access the instance via its private IP address from the outside world and other container groups. Note: Containers in a group are not discoverable through DNS. They can only be accessed through 'localhost', in combination with their exposed ports. You can get more references from More about networking in this blog.

Binding specific interface IP address to Azure Storage container connections

Our product has software-managed virtual networks and has multiple local IP addresses from which network communications could be routed. One of the requirements we have is to ensure that outgoing traffic is routed from a specific, desired local IP when communicating with the Azure blob storage endpoint.
The Azure SDK does not seem to expose any means of specifying which local IP address to use for communications to the Azure blob endpoint. Please let us know if you think the SDK does expose this and, if so, how we can utilize the facility.
If not, we are evaluating making changes to the azure-storage-java SDK source in order to support the local IP binding requirement.
Has this kind of situation been brought to your attention before? Do you have any suggestions as to how this might be accomplished?
Thanks,
Sowmya.
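The mechanism the question is after is source-address binding: the client socket is bound to the chosen local IP before it connects, so the operating system routes the traffic from that address. The example below is added here; it is not the azure-storage-java SDK, not an answer from the original thread, and uses Python's standard library only to show the general technique. The blob endpoint name is a placeholder that is never contacted, and the demonstration connects to a throwaway listener on 127.0.0.1 so it runs offline; a production client would bind to one of the product's real local addresses instead.

```python
"""Bind outgoing connections to a chosen local IP address.

Added example, not the azure-storage-java SDK and not from the original thread.
It shows the general mechanism the question asks about, in Python's standard
library: a client socket (or HTTPS connection) bound to a specific local address
before connecting. The demonstration runs entirely on 127.0.0.1 so it works
offline; the blob endpoint name below is a placeholder.
"""
import http.client
import socket
import threading

BLOB_HOST = "<account>.blob.core.windows.net"  # placeholder, not contacted here


def blob_connection(local_ip, host=BLOB_HOST):
    """HTTPS connection whose TCP source address is pinned to local_ip (port chosen by the OS)."""
    return http.client.HTTPSConnection(host, 443, source_address=(local_ip, 0), timeout=10)


def connect_from(local_ip, remote_host, remote_port):
    """Open a TCP socket bound to local_ip (ephemeral port) and connect it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((local_ip, 0))  # pin the source address before connecting
    sock.connect((remote_host, remote_port))
    return sock


def observed_source(local_ip):
    """Connect to a throwaway local listener from local_ip and return the peer
    address the server observed, proving that bind() is honoured."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    port = server.getsockname()[1]
    seen = {}

    def accept_once():
        conn, peer = server.accept()
        seen["peer"] = peer[0]
        conn.close()

    worker = threading.Thread(target=accept_once)
    worker.start()
    client = connect_from(local_ip, "127.0.0.1", port)
    worker.join(timeout=5)
    client.close()
    server.close()
    return seen.get("peer")


if __name__ == "__main__":
    print("server saw connection from", observed_source("127.0.0.1"))
    print("blob connection pinned to", blob_connection("127.0.0.1").source_address)
```

The same binding step exists in most HTTP client stacks as a socket-factory or local-address option; whichever library is used, the check is the same as `observed_source` above: confirm from the receiving side that the packets really carry the intended source address.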