I'm running a Function App within its own virtual network (VNet) for enhanced security and isolation. This app needs to be accessed through a private endpoint from my main VNet, but I'm facing a challenge: I want to restrict access to a specific Virtual Machine Scale Set (VMSS) within that VNet. I've already set up the private endpoint in the main VNet. I was considering using an Application Security Group (ASG) combined with Network Security Groups (NSG) to enforce these restrictions, but the subnet with the VMSS also contains other VMSS and VMs, making me hesitant to implement new NSG rules there. So, do I need to create a separate subnet for the private endpoint?
4 Answers
Definitely, having a dedicated subnet for your private endpoint simplifies management. If you want to stick to the existing subnet, you can just use an ASG targeting your VMSS to limit access, but a separate subnet is the cleaner choice.
I recommend creating a distinct subnet for the private endpoint. The subnet itself is mainly for organization, and while NSGs enforce security, having a dedicated space for the private endpoint avoids potential conflicts as you scale up your services.
Yes, it should be a separate subnet to keep things tidy. If you choose to keep it in the same subnet, be careful with your priority settings in NSG. Conflicting rules can create issues as you add new services.
Absolutely, it's a good idea to have a separate subnet for your private endpoint. This keeps your network clean and organized, and helps in managing security rules more effectively.
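The layout the answers above converge on, written out as an added Bicep example (this is not code from any of the posts, and the names, address ranges and the `functionAppId` parameter are assumptions): a dedicated subnet for the private endpoint, an NSG on that subnet whose only inbound allow rule is sourced from an ASG, and the ASG attached to the VMSS NICs rather than to the shared workload subnet. Because the NSG sits on the private endpoint subnet, the subnet that also hosts the other VMSS and VMs is left untouched.

```bicep
// Added example: restrict a Function App private endpoint to one VMSS via ASG + NSG.
// Resource names, CIDRs and the Function App resource id are placeholders (assumptions).
param location string = resourceGroup().location
param functionAppId string // resource id of the Function App behind the private endpoint

// ASG that will be bound to the VMSS NIC configuration (not to the subnet)
resource asgVmss 'Microsoft.Network/applicationSecurityGroups@2023-05-01' = {
  name: 'asg-allowed-vmss'
  location: location
}

// NSG for the private endpoint subnet: allow 443 from the ASG, deny the rest of the VNet.
// The explicit deny (priority 200) overrides the default AllowVnetInBound rule (65000).
resource nsgPe 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-private-endpoints'
  location: location
  properties: {
    securityRules: [
      {
        name: 'Allow-VMSS-HTTPS'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceApplicationSecurityGroups: [
            {
              id: asgVmss.id
            }
          ]
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '443'
        }
      }
      {
        name: 'Deny-Other-VNet-Inbound'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-main'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        // existing shared subnet with the VMSS, other VMSS and VMs; no new NSG rules here
        name: 'snet-workloads'
        properties: {
          addressPrefix: '10.0.1.0/24'
        }
      }
      {
        // dedicated subnet for private endpoints, guarded by nsgPe
        name: 'snet-private-endpoints'
        properties: {
          addressPrefix: '10.0.2.0/24'
          networkSecurityGroup: {
            id: nsgPe.id
          }
          // NSG rules are not applied to private endpoint NICs unless this is 'Enabled'
          privateEndpointNetworkPolicies: 'Enabled'
        }
      }
    ]
  }
}

resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-functionapp'
  location: location
  properties: {
    subnet: {
      id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'snet-private-endpoints')
    }
    privateLinkServiceConnections: [
      {
        name: 'functionapp-link'
        properties: {
          privateLinkServiceId: functionAppId
          groupIds: [
            'sites'
          ]
        }
      }
    ]
  }
}
```

The VMSS itself is not shown; the one change it needs is `applicationSecurityGroups: [ { id: asgVmss.id } ]` on the `ipConfigurations` entry of its `networkInterfaceConfigurations`, which is what makes its instances, and nothing else in the shared subnet, match the allow rule. Two things to check after deploying: that `privateEndpointNetworkPolicies` on the private endpoint subnet really is `Enabled` (otherwise the NSG is silently bypassed for the private endpoint NIC), and that the ASG and the VMSS are in the same region, since an NSG rule cannot reference an ASG from another region.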
