azure-service-fabric azure-api-management

Restrict access to my ServiceFabric cluster, only allowing one IP (API Management)


We're increasing the safety of our recently developed software (running on Service Fabric), and want all traffic to go through the API Management. In the load balancer of the SF cluster, you can restrict access on a port level, but where do I restrict access to my cluster on IP-address level? We want to only allow incoming traffic from the API Management, and block everything else, so blacklist all IP-addresses but the API Management IP.

Thanks!


Solution

  • You can use a Network Security Group for this.

    A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager). When an NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can further be restricted by also associating an NSG to a VM or NIC.

    This quick start template describes how to deploy one. More about networking here.
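
An added example, not part of the original answer or of any Azure template: a small Python model of how an NSG evaluates inbound rules (lowest priority number first, first match wins), applied to a rule set that admits only the API Management address. The APIM IP, application port, VNet range and the simplified service-tag table are constructed assumptions; the rule dictionaries use the ARM `securityRules` property names.

```python
import ipaddress

# Constructed values (assumptions): APIM public IP, application port, VNet range.
APIM_IP = "203.0.113.10"
APP_PORT = 443
TAGS = {  # simplified stand-ins for Azure service tags
    "VirtualNetwork": "10.0.0.0/16",
    "AzureLoadBalancer": "168.63.129.16/32",  # Azure platform health-probe address
    "*": "0.0.0.0/0",
}

# Inbound rules, keyed by ARM securityRules property names.
RULES = [
    {"name": "Allow-APIM", "priority": 100, "access": "Allow",
     "sourceAddressPrefix": APIM_IP, "destinationPortRange": str(APP_PORT)},
    # Default rules present in every NSG (destinations simplified to "any"):
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "access": "Allow",
     "sourceAddressPrefix": "AzureLoadBalancer", "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def _port_match(spec, port):
    # Accepts "*", a single port ("443") or a range ("8000-8080").
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_match(prefix, src):
    # Resolve a service tag through TAGS, otherwise treat as IP or CIDR.
    net = ipaddress.ip_network(TAGS.get(prefix, prefix), strict=False)
    return ipaddress.ip_address(src) in net

def evaluate(rules, src, port):
    """Return (access, rule name) of the first matching rule by priority."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (_source_match(r["sourceAddressPrefix"], src)
                and _port_match(r["destinationPortRange"], port)):
            return r["access"], r["name"]
    return "Deny", None

if __name__ == "__main__":
    # APIM on the app port, a stranger, APIM on another port, a cluster node.
    for src, port in [(APIM_IP, 443), ("198.51.100.7", 443),
                      (APIM_IP, 19080), ("10.0.0.5", 19080)]:
        print(src, port, evaluate(RULES, src, port))
```

Only one custom rule is needed: the default `DenyAllInBound` rule already blocks every other external source, while the default VNet and load-balancer rules keep node-to-node traffic and health probes working.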