I have two vnets (vnet1 and vnet2) and I established a peering between them.
I have a Web App service with outbound traffic VNet integration set to vnet1.
I have a CosmosDb private endpoint in vnet2.
I use account endpoint and key to authenticate to the Cosmos from the web app.
When I try to access it, I'm getting this error:
Response status code does not indicate success: Forbidden (403); Reason: (Request originated from IP xx.xx.xx.xx through public internet. This is blocked by your Cosmos DB account firewall settings.)
Could you advise why the traffic goes via the public network and how to fix it, please?
2 Answers
When I tried to access the Cosmos DB private link in vnet2, I got the same error, as shown below:
To resolve this issue, make use of the steps below:
Once this configuration is in place, any requests coming from machines that aren't on the permitted list will result in a 403 (Forbidden) response. It is recommended to allow the Azure portal to access your account when using the IP firewall.
In your Cosmos DB account -> Networking -> Selected networks -> add your existing virtual network (vnet2), like below:
Added a private endpoint in vnet2:
Now, when I tried to access my Cosmos DB account, I got the result successfully, like below:
Reference:
Configure an IP firewall for your Azure Cosmos DB account | Microsoft Learn
You will need a single private DNS zone for the private endpoint, and the DNS zone must be linked to both VNets.
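As an added example (not part of the question or of either answer above), the following Bicep template wires up what the answers describe: a private endpoint for the Cosmos DB account in vnet2, and a single privatelink.documents.azure.com private DNS zone that is linked to both vnet1 (where the Web App's VNet integration lives) and vnet2 (where the private endpoint lives). The vnets, their peering and the Cosmos DB account are assumed to already exist; every resource name, the subnet name and the API versions are assumptions chosen for illustration.

```bicep
// Added example, not code from the original question or answers.
// Assumptions: vnet1 and vnet2 already exist and are peered, the Cosmos DB
// account already exists, and the names below are placeholders.
param location string = resourceGroup().location
param cosmosAccountName string = 'my-cosmos-account' // placeholder
param vnet1Name string = 'vnet1'                     // Web App VNet integration
param vnet2Name string = 'vnet2'                     // private endpoint
param vnet2SubnetName string = 'pe-subnet'           // placeholder subnet in vnet2

// Existing resources referenced by the template
resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' existing = {
  name: cosmosAccountName
}
resource vnet1 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnet1Name
}
resource vnet2 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnet2Name
}
resource peSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: vnet2
  name: vnet2SubnetName
}

// Private endpoint for the Cosmos DB account, placed in vnet2.
// groupIds 'Sql' is the NoSQL (Core) API; other APIs use their own group id.
resource cosmosPe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-${cosmosAccountName}'
  location: location
  properties: {
    subnet: {
      id: peSubnet.id
    }
    privateLinkServiceConnections: [
      {
        name: 'cosmos-sql'
        properties: {
          privateLinkServiceId: cosmos.id
          groupIds: [
            'Sql'
          ]
        }
      }
    ]
  }
}

// One private DNS zone for the Cosmos DB privatelink domain ...
resource cosmosZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.documents.azure.com'
  location: 'global'
}

// ... linked to BOTH vnets. Without the vnet1 link, the Web App keeps
// resolving the account's public IP and hits the firewall 403.
resource zoneLinkVnet1 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: cosmosZone
  name: '${vnet1Name}-link'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: {
      id: vnet1.id
    }
  }
}
resource zoneLinkVnet2 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: cosmosZone
  name: '${vnet2Name}-link'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: {
      id: vnet2.id
    }
  }
}

// DNS zone group: writes the A records for the account (and its regional
// endpoints) into the private zone so the private IP is returned.
resource cosmosPeDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: cosmosPe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'cosmos'
        properties: {
          privateDnsZoneId: cosmosZone.id
        }
      }
    ]
  }
}
```

Deploy it with `az deployment group create -g <resource-group> -f cosmos-pe.bicep` (parameter values as assumed above). To confirm the fix, run `nslookup <account>.documents.azure.com` from the Web App's console: it should return a CNAME to `<account>.privatelink.documents.azure.com` and a private IP from the vnet2 subnet. If it still returns a public IP, the request will keep leaving through the public internet and the zone link for vnet1 is the piece to check.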