Azure Private Link works with Site-to-Site VPN, Point-to-Site VPN, and ExpressRoute to provide private and secure access to Azure PaaS services over Azure Private Endpoints. Azure Private Endpoint is a read-only network interface service for Azure PaaS services. It allows you to add deployed sites to your virtual network and restrict network access to them:
- Access from the internet in general is blocked.
- The site is accessible from within the company’s on-premises network.
- From outside the business network, access is possible through an authorized VPN client.
We’ve already set up an Azure Web App (battitraining) and a Virtual Network (Article-VNet) in the Azure portal.
Go to the Web App and copy the URL of the application from the Overview page.
Open a browser, paste the URL, and hit Enter. We receive the landing page, which shows that the URL is publicly reachable. To see which IP address the name resolves to, open the Command Prompt and run the “nslookup” command against the application's hostname, then confirm that the resolved address is a public IP address.
Now go to the Azure portal and open the App Service. Select Networking from the Settings menu and check whether the Private endpoint feature is available. Here it is not available on the current plan, so we need to upgrade the App Service plan.
In the App Service select Scale-up (App Service plan) under the Settings, and then Select Premium Plan (in this demo, we will choose P1V2), and then click Apply.
Go back to Networking and verify that the Private endpoint feature is now available for this App Service.
Now click VNet integration under the Outbound Traffic.
In the VNet Integration select + Add VNet.
Select your Virtual Network under the Virtual Network, select the empty Subnet, and click Ok.
Now we can verify that our Application is integrated with the Virtual Network.
To configure private endpoints, click Networking under the settings and then click Private endpoints.
In Private endpoint connections, click the + Add button. In the Add Private Endpoint popup, enter a name for the Private endpoint, choose the Virtual network, select the empty subnet, and then click Ok.
Now when we open the Private DNS zone, we can see our web app’s private IP is 10.100.0.4.
Go to the Web App, copy the URL of the application, and paste it into the browser. Now we receive an Error 403 – Forbidden page.
In this scenario, we have one Virtual Machine connected to our Virtual Network. When we paste the URL in a browser on that machine, we receive the landing page, and if we run nslookup there, it shows the private link name and the private address.
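The two nslookup checks above can be scripted so the result is classified instead of read by eye. This is an added example, not part of the original article. The sample outputs are constructed, and the hostname battitraining.azurewebsites.net, the DNS server address, and the public address are assumptions; only the app name and 10.100.0.4 come from the article.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also accept
# documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: lookup from the VM inside the virtual network.
FROM_VNET = """Server:  UnKnown
Address:  192.0.2.53

Non-authoritative answer:
Name:    battitraining.privatelink.azurewebsites.net
Address:  10.100.0.4
Aliases:  battitraining.azurewebsites.net
"""

# Constructed sample: lookup before the private endpoint was created.
BEFORE = """Server:  UnKnown
Address:  192.0.2.53

Non-authoritative answer:
Name:    waws-example.cloudapp.net
Address:  203.0.113.10
Aliases:  battitraining.azurewebsites.net
"""

def parse_answer(output):
    """Return (names, addresses) from the answer part of nslookup output."""
    lines = output.splitlines()
    # The answer starts at "Name:"; the "Address:" above it is the DNS server.
    start = next((i for i, l in enumerate(lines) if l.startswith("Name:")), len(lines))
    names, addrs = [], []
    for line in lines[start:]:
        token = re.sub(r"^(Name|Address(es)?|Aliases):", "", line).strip()
        if not token:
            continue
        try:
            addrs.append(ipaddress.ip_address(token))
        except ValueError:
            names.append(token.lower())
    return names, addrs

def classify(output):
    """Classify a lookup by its alias chain and resolved addresses."""
    names, addrs = parse_answer(output)
    if not addrs:
        return "no-answer"
    privatelink = any(".privatelink." in n for n in names)
    private_ip = all(any(a in net for net in RFC1918) for a in addrs)
    if private_ip:
        return "private-endpoint" if privatelink else "private-ip-only"
    # A privatelink alias with a public address: this client is not
    # resolving through the private DNS zone.
    return "privatelink-alias-public-ip" if privatelink else "public"
```

Paste the output of nslookup from each vantage point into `classify`; only a client that resolves through the private DNS zone should return `private-endpoint`.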
In this article we learned how to configure a Private endpoint in Azure; if you have any queries, please leave a comment in the comment box.