@GRAY Mike
Thank you for reaching out.
I understand you wish to know if you can use the TLS inspection feature of Azure Firewall for the outbound calls from your Azure Function apps.
I did some research internally and have seen that this architecture is possible and you can use the TLS inspection feature of Azure Firewall Premium for the outbound calls from your Azure Function apps.
The following is a summary of the steps required:
- Deploy an Azure Firewall Premium and route the outbound traffic from the Function App to the Azure Firewall. Something like the tutorial here for the App Service (I could not find a tutorial specific to the Function App).
- Follow the steps here to enable TLS Inspection with Azure Firewall Premium Certification Auto-Generation and add the newly created Root Certificate (in step 6) to the function app's trusted root store, to allow it to trust and connect through the AZFW. (Azure Firewall Premium Certification Auto-Generation is not recommended for production environments, and you can follow this documentation to generate an enterprise CA certificate.)
Azure Firewall Premium can intercept outbound HTTP/S traffic and auto-generate a server certificate for www.website.com. This certificate is generated using the Root certificate provided above. This way Azure Firewall will establish a TLS connection with your API server. The traffic flow will be as shown below
Please let me know if you have any questions related to Azure Firewall TLS inspection and Certificates. I also highly recommend that you go through this TLS Inspection By Azure Firewall Video by Microsoft Security team.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
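
Added example, not part of the answer above or of Microsoft's documentation: a Python check that can run from a client behind the firewall and reports whether an outbound TLS session was re-signed by the inspection CA, passed through untouched, or failed because that CA is not trusted. The CA common name and the sample certificates are constructed placeholders.

```python
import socket
import ssl
from typing import Optional

# Assumption: common name of the CA certificate configured for TLS inspection.
# Placeholder value; replace it with the CN of your own CA.
FIREWALL_CA_CN = "Example-AZFW-Inspection-CA"


def issuer_cn(cert: dict) -> Optional[str]:
    """Return the issuer commonName from a dict in SSLSocket.getpeercert() layout."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def classify(cert: dict, firewall_ca_cn: str = FIREWALL_CA_CN) -> str:
    """'inspected' if the firewall CA issued the certificate, otherwise 'direct'."""
    return "inspected" if issuer_cn(cert) == firewall_ca_cn else "direct"


def probe(host: str, port: int = 443, cafile: Optional[str] = None) -> str:
    """Connect outbound and report how the server certificate was issued.

    'untrusted' means verification failed, for example because the inspection
    root is missing from the trust store. With cafile set, only that file is trusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return "untrusted"


# Constructed sample certificates in getpeercert() layout (not captured data).
SAMPLE_INSPECTED = {
    "subject": ((("commonName", "www.website.com"),),),
    "issuer": ((("organizationName", "Example Org"),), (("commonName", FIREWALL_CA_CN),)),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "www.website.com"),),),
    "issuer": ((("organizationName", "Public CA Inc"),), (("commonName", "Public CA R1"),)),
}

if __name__ == "__main__":
    print(classify(SAMPLE_INSPECTED), classify(SAMPLE_DIRECT))
```

A result of "direct" for a destination that should be inspected points at routing or at a rule without TLS inspection enabled; "untrusted" points at the trust store step.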