Caoxuyang
commented
1 year ago Hi @ezYakaEagle442 ,
Thank you for submitting this issue. The outbound IP address after stopping ASA has different behaviors depending on whether you bring your own virtual network.
If so and this ASA is injected into your own VNet, the outbound IP address do have chance to be changed after stopping operation. And sorry for not mentioning this in the doc, I will update it ASAP.
If the ASA is a default one and not injected into a customer's VNet, actually the outbound IP address will keep the same after the stop operation.
Stopping ASA results in getting new outbound IPs, as a result , when the Apps restart they fail as blocked by the Firewall initially set on MySQL, KeyVault etc. as the rules were set on new outbound IPs which have changed.
Solution : update IP Rule on Firewalls where required, then restart ALL Apps in ASA.
This should be documented.
See allso https://github.com/MicrosoftDocs/azure-docs/issues/106478