To connect two or more VNets together, VNet peering can be used. However, I noticed that in my organization, some are using NSGs to whitelist IP addresses between VNets. Are there any advantages or best practices regarding that?
When to choose IP Whitelisting over VNet peering?
321 views Asked by MostafaBakr At
Whitelisting IPs is usually not recommended when you can avoid doing so, following the Zero Trust pattern.
Depending on your constraints and organization rules, you might want to leverage VNet Peering with a Hub-and-Spoke topology (or not) or even Private Link across VNets/regions for PaaS (or VMs behind a Load Balancer) to make sure traffic is flowing via the Microsoft backbone and not via the Internet, IP spoofing being a common attack.
I would always refer to the Microsoft Well-Architected Framework for such questions.
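
An added example, not part of the answer above: a small audit that lists inbound NSG Allow rules whose source is a literal public IP, which is the allowlisting pattern the answer suggests replacing with peering or Private Link. The rules are constructed sample data, and their field names assume the shape of an exported NSG `securityRules` array.

```python
import ipaddress

# Private ranges: RFC 1918 (IPv4) and unique local addresses (IPv6).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample rules; field names are an assumption about the export format.
SAMPLE_RULES = [
    {"name": "allow-partner-nat", "direction": "Inbound", "access": "Allow",
     "priority": 100, "sourceAddressPrefix": "203.0.113.10/32"},
    {"name": "allow-spoke", "direction": "Inbound", "access": "Allow",
     "priority": 110, "sourceAddressPrefix": "",
     "sourceAddressPrefixes": ["10.20.0.0/16", "198.51.100.0/24"]},
    {"name": "allow-vnet", "direction": "Inbound", "access": "Allow",
     "priority": 120, "sourceAddressPrefix": "VirtualNetwork"},
    {"name": "allow-out", "direction": "Outbound", "access": "Allow",
     "priority": 130, "sourceAddressPrefix": "192.0.2.7"},
    {"name": "deny-all", "direction": "Inbound", "access": "Deny",
     "priority": 4096, "sourceAddressPrefix": "*"},
]

def classify_source(prefix):
    """Return 'any', 'service_tag', 'private' or 'public' for one source prefix."""
    if prefix in ("*", "0.0.0.0/0", "::/0"):
        return "any"
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return "service_tag"  # not an IP or CIDR, e.g. VirtualNetwork
    if any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS):
        return "private"
    return "public"

def find_public_allowlists(rules):
    """List (rule name, source) for inbound Allow rules with public IP sources."""
    hits = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = [rule.get("sourceAddressPrefix")]
        sources += list(rule.get("sourceAddressPrefixes") or [])
        for src in filter(None, sources):
            if classify_source(src) == "public":
                hits.append((rule["name"], src))
    return hits

if __name__ == "__main__":
    for name, src in find_public_allowlists(SAMPLE_RULES):
        print(f"{name}: public source {src}")
```

Rules sourced from private ranges or the `VirtualNetwork` tag are left out because they already describe traffic that stays inside peered address space.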