Tags: azure, azure-web-app-service, azure-cosmosdb, vnet

Azure Vnet peering with private endpoints


I have two VNets (vnet1 and vnet2) and I established a peering between them. I have a Web App service with outbound traffic VNet integration set to vnet1.

I have a Cosmos DB private endpoint in vnet2. I use the account endpoint and key to authenticate to Cosmos DB from the web app. When I try to access it I'm getting this error:

Response status code does not indicate success: Forbidden (403); Reason: (Request originated from IP xx.xx.xx.xx through public internet. This is blocked by your Cosmos DB account firewall settings.

Could you advise why the traffic goes via the public network and how to fix it, please?


Solution

  • You will need a single private DNS zone for the private endpoint and the DNS Zone must be linked to both VNETs.
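
One way to apply this fix with the Azure CLI, as an added example that is not part of the original answer: it lists the VNets already linked to the zone and creates links only for the ones that are missing. It assumes the Cosmos DB SQL (Core) API zone name `privatelink.documents.azure.com`; the resource group and VNet resource IDs you pass in are your own values.

```bash
#!/usr/bin/env bash
# Added example: make sure the Cosmos DB private DNS zone is linked to every
# VNet that must resolve the private endpoint (vnet1 and vnet2 in the question).
ZONE="privatelink.documents.azure.com"   # assumption: SQL (Core) API account

# Print each wanted VNet resource ID that has no link to the zone yet.
# $1 = resource group holding the zone, remaining args = VNet resource IDs.
missing_vnet_links() {
  local rg="$1"; shift
  local linked id
  linked="$(az network private-dns link vnet list \
      --resource-group "$rg" --zone-name "$ZONE" \
      --query "[].virtualNetwork.id" --output tsv)"
  for id in "$@"; do
    # Azure resource IDs are case-insensitive, so compare lowercased.
    if ! printf '%s\n' "$linked" | tr '[:upper:]' '[:lower:]' \
        | grep -qxF "$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')"; then
      printf '%s\n' "$id"
    fi
  done
}

# Create a link for every VNet reported missing. Auto-registration stays off:
# the zone only has to answer queries for the private endpoint record.
ensure_vnet_links() {
  local rg="$1"; shift
  local id
  missing_vnet_links "$rg" "$@" | while IFS= read -r id; do
    az network private-dns link vnet create \
      --resource-group "$rg" --zone-name "$ZONE" \
      --name "link-$(basename "$id")" \
      --virtual-network "$id" --registration-enabled false </dev/null
  done
}

# Usage (placeholder IDs):
#   ensure_vnet_links my-rg "<vnet1 resource ID>" "<vnet2 resource ID>"
```

Once both links exist, the account hostname should resolve to the private endpoint's address from vnet1 as well, so the web app's requests no longer reach the public endpoint.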