Ahosti.Com
Read trending IT updates for cloud businesses, managed service providers, IT pros & what innovation digital transformation is driving in tech industry.

Bots Secured Behind a Firewall & Groups 

0 14

Contacts: Daniel Evans, CK Kashyap, Mark Franco

Objective 

Host bot behind a firewall and enable dialogs with the bot utilizing GroupsThe implication of “bot behind a firewall” is that the community connectivity to/from the bot is restricted to solely the vital machines (IP addresses). 

The reference community structure beneath illustcharges how a Bot could also be run inside a Digital Community(VNET) that permits site visitors solely to and from a set of IP addresses that belong to Microsoft Groups and Azure Bot Service(ABS). The egress site visitors restrictions are set by the networking guidelines within the firewall and the ingress site visitors restrictions are set utilizing the Community Safety Group (NSG) guidelines of the App GW  

VNET

Proscribing Egress

Directions to setup the ASE such that the egress site visitors is routed by the firewall is right hereSet the firewall to prohibit site visitors solely to Groups and ABS by including the next guidelines in a Community Rule Assortment (Guidelines -> Community Rule Assortment) 

  1. IP Tackle rule – enable site visitors from the subnet of the ASE to 52.112.0.0/14 
  2. FQDN rule – enable site visitors from the subnet of the ASE to login.microsoftonline.com 
  3. FQDN rule – enable site visitors from the subnet of the ASE  to login.botframework.com 

Restrict egress rules

Proscribing Ingress 

Restrict the ingress site visitors to Groups by including an inbound safety rule to the NSG related to the subnet of the App Gateway. As proven within the snapshot beneath, the inbound site visitors from solely 52.112.0.0/14 to the subnet of the ASE is allowed. 

Restrict ingress rules

You might also like
Loading...