I'm trying to set a static outbound IP for my Function App using a NAT gateway. We have a hub and spoke architecture with the NAT gateway in the hub along with the firewall, and all route tables are directed to the firewall's IP address. I've configured my Function App to use a private endpoint for inbound traffic and another subnet for outbound traffic. I've also unchecked the box for "Outbound internet traffic" in application routing. When I run a command like "curl -s https://api.ipify.org" from the app's console, I get one of the IPs listed as an outbound address. However, when I check the box for "Outbound internet traffic," I don't get any response from the console. I expected the public IP of the NAT gateway to be the outbound IP for this app. What do I need to do to get a static IP set for my app to send files outbound? Also, I've edited "WEBSITE_VNET_ROUTE_ALL" to "1".
2 Answers
Regarding the public IP of the NAT gateway, remember that if you check the "Outbound internet traffic" box, it might route through the default outbound access IP instead. To get a static IP, you'll need to associate your Function App with the NAT gateway via a specific subnet that has the static IP assigned. Double-check your VNet integration settings, and ensure the routes are pointing correctly to the NAT gateway.
First off, make sure your firewall rules are indeed allowing traffic to reach api.ipify.org. If you're not seeing any source IPs from your integration subnet in the firewall logs, that might suggest the requests aren't getting through. You might want to double-check the inbound rules on the firewall to ensure they're set up to allow the outbound traffic properly.
Yeah, sometimes the logs can be a bit tricky. Make sure you're looking at the right time frame in the logs and maybe even add a temporary logging rule to catch any blocked traffic.
Also, taking a look at your configuration with the "WEBSITE_VNET_ROUTE_ALL" set to "1" is great, but make sure your UDRs (User Defined Routes) are correctly set to route the outbound traffic through the NAT.