I'm trying to connect an Azure App Service hosted in a different tenant (let's call it tenant A) to an Application Gateway in another tenant (tenant B). I've managed to add the Application Gateway's public IP to the allowed list in the App Service when I enabled access for specific virtual networks and IP addresses. However, I'm running into a 403 Forbidden error whenever I try to access the App Service through the Gateway. I've already set up custom DNS and mapped it to the App Service. Does anyone have suggestions on how to resolve this issue? Also, in my health probes, when I check for HTTP responses between 200 and 600, the backend appears healthy but still returns a 403 error.
3 Answers
You should be adding the specific subnet for the Application Gateway to your allow list instead of just the public IP. I’m not sure how to implement rules across different tenants, though. Another option would be to create a new VNet in your App Service’s tenant, set up VNet integration, and then establish VNet peering between the two VNets. This way, you can apply the necessary allow rules more effectively.
First off, check what your backend configuration looks like within the Application Gateway. Is it set to point to 'xxx.azurewebsites.net' or to 'mycustomdns.com'? Also, make sure that your Application Gateway's listener is using the correct custom DNS. If it's currently only connecting over the public internet, consider setting up VNet peering between your App Gateway's VNet and your App Service's VNet for better connectivity. You should also test DNS resolution and connectivity from the Gateway's VNet to your App Service using tools like telnet.
To connect across tenants, I recommend setting up private endpoints. You'd need to add a new subnet to your Application Gateway's VNet in tenant B and establish a private endpoint for the App Service in tenant A. Note that you'll have to approve this connection manually since it's between different tenants. Don't forget to set up a Private DNS zone linked to your private endpoint to ensure proper resolution. This will allow your Application Gateway to access the App Service internally without routing through the public internet.
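As an added example (not posted by anyone in this thread), the private-endpoint procedure from the answer above as an Azure CLI script. Everything except the approval step runs in tenant B; the approval is done by someone with rights on the App Service in tenant A. Resource group, VNet, subnet and endpoint names, the subnet prefix, the App Service resource ID and the connection name are placeholders; DRY_RUN=1 (the default) prints each command instead of running it.

```shell
#!/usr/bin/env sh
# Added example, not the thread's own commands. All names below are placeholders.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Tenant B (Application Gateway side) - placeholder values
RG_B="rg-appgw-tenant-b"
VNET_B="vnet-appgw"
PE_SUBNET="snet-private-endpoints"
PE_PREFIX="10.0.2.0/24"
PE_NAME="pe-webapp"
DNS_ZONE="privatelink.azurewebsites.net"

# Tenant A (App Service side) - placeholder resource ID; replace with the real one
APP_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app-tenant-a/providers/Microsoft.Web/sites/mywebapp"
# Name of the pending connection as shown on the App Service side (placeholder;
# take it from the list output in step_approve)
CONNECTION_NAME="${CONNECTION_NAME:-<name-from-list-output>}"

# Print the command, and only execute it when DRY_RUN is not 1.
run() {
  printf '%s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# Step 1 (tenant B): a dedicated subnet for private endpoints in the gateway VNet
step_subnet() {
  run az network vnet subnet create -g "$RG_B" --vnet-name "$VNET_B" \
      -n "$PE_SUBNET" --address-prefixes "$PE_PREFIX"
}

# Step 2 (tenant B): private endpoint targeting the App Service in tenant A.
# --manual-request because a cross-tenant connection is not auto-approved.
step_private_endpoint() {
  run az network private-endpoint create -g "$RG_B" -n "$PE_NAME" \
      --vnet-name "$VNET_B" --subnet "$PE_SUBNET" \
      --private-connection-resource-id "$APP_ID" --group-id sites \
      --connection-name "${PE_NAME}-conn" --manual-request true
}

# Step 3 (tenant A): list the pending connections on the App Service and approve
# the one created in step 2.
step_approve() {
  run az network private-endpoint-connection list --id "$APP_ID" -o table
  run az network private-endpoint-connection approve \
      --id "$APP_ID/privateEndpointConnections/$CONNECTION_NAME" \
      --description "Cross-tenant Application Gateway in tenant B"
}

# Step 4 (tenant B): Private DNS zone linked to the gateway VNet, plus a zone
# group so the endpoint's private IP is registered for <app>.azurewebsites.net.
step_dns() {
  run az network private-dns zone create -g "$RG_B" -n "$DNS_ZONE"
  run az network private-dns link vnet create -g "$RG_B" -z "$DNS_ZONE" \
      -n "link-${VNET_B}" --virtual-network "$VNET_B" --registration-enabled false
  run az network private-endpoint dns-zone-group create -g "$RG_B" \
      --endpoint-name "$PE_NAME" -n default \
      --private-dns-zone "$DNS_ZONE" --zone-name sites
}

# Step 5 (tenant B): show the private IP the endpoint got; the gateway's backend
# should resolve the App Service hostname to this address, not a public IP.
step_verify() {
  run az network private-endpoint show -g "$RG_B" -n "$PE_NAME" \
      --query "customDnsConfigs[].ipAddresses[]" -o tsv
}

step_subnet
step_private_endpoint
step_approve
step_dns
step_verify
```

Run it once with the default DRY_RUN=1 to review the commands, then with DRY_RUN=0 after `az login --tenant <tenant-B-id>`; step_approve has to be executed separately after `az login --tenant <tenant-A-id>` by an identity that can manage the App Service.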