You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/use-azure-firewall.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,6 +41,7 @@ Application rules allow or deny traffic based on the application layer. The foll
41
41
| Azure Container Registry (ACR) |*Your-ACR-address*, `*.blob.core.windows.net`, `login.microsoft.com`| These FQDNs are required when using Azure Container Apps with ACR and Azure Firewall. |
42
42
| Azure Key Vault |*Your-Azure-Key-Vault-address*, `login.microsoft.com`| These FQDNs are required in addition to the service tag required for the network rule for Azure Key Vault. |
43
43
| Managed Identity |`*.identity.azure.net`, `login.microsoftonline.com`, `*.login.microsoftonline.com`, `*.login.microsoft.com`| These FQDNs are required when using managed identity with Azure Firewall in Azure Container Apps. |
44
+
| Azure Service Bus |*.servicebus.windows.net | These FQDNs are required when your container apps communicate with Azure Service Bus (queues, topics, or subscriptions) through Azure Firewall. |
44
45
| Aspire Dashboard |`https://<YOUR-CONTAINERAPP-REGION>.ext.azurecontainerapps.dev`| This FQDN is required when using Aspire dashboard in an environment configured with a virtual network. Please update the FQDN with your container app's region. |
45
46
| Docker Hub Registry |`hub.docker.com`, `registry-1.docker.io`, `production.cloudflare.docker.com`| If you're using [Docker Hub registry](https://docs.docker.com/desktop/allow-list/) and want to access it through the firewall, you need to add these FQDNs to the firewall. |
46
47
| Azure China |`mcr.azure.cn`, `*.data.mcr.azure.cn`| Azure Container Apps in the Azure China environment use these Microsoft Container Registry (MCR) endpoints to pull container images. When using Azure Firewall, you must allow either the corresponding application rules or network rules for MCR. This requirement applies only to the **Azure China environment**. |
@@ -55,6 +56,7 @@ Network rules allow or deny traffic based on the network and transport layer. Wh
55
56
| Azure Container Registry (ACR) |`AzureContainerRegistry`, `AzureActiveDirectory`| When using ACR with Azure Container Apps, you need to configure these network rules used by Azure Container Registry. |
56
57
| Azure Key Vault |`AzureKeyVault`, `AzureActiveDirectory`| These service tags are required in addition to the FQDN for the network rule for Azure Key Vault. |
57
58
| Managed Identity |`AzureActiveDirectory`| When using Managed Identity with Azure Container Apps, you'll need to configure these network rules used by Managed Identity. |
59
+
| Azure Service Bus | ServiceBus | Required when your container apps access Azure Service Bus using Azure Firewall and service tags. |
58
60
59
61
> [!NOTE]
60
62
> For Azure resources you're using with Azure Firewall not listed in this article, please refer to the [service tags documentation](../virtual-network/service-tags-overview.md#available-service-tags).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments