Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want a static IP address is obviously ridiculous.
I'm looking forward to being able to use a static IP address without an App Service Environment.
Still no news to share, just to add that we are investigating options on modifications for the App Service multi-tenant offering with enhanced capabilities.
Any update on this?
Any updates azure? This is very useful feature especially when it comes to security aspects. By implementing this feature, it will make Azure very secured and give an advantage over the other cloud provider.
3 years and counting!
Surprised to see that something that reduces revenue hasn't been resolved yet #notsurprised
3 years and still no update
+9999! This should be implemented
Saas QuotaGuard available on Azure can help the situation.
Marlon Regenhardt commented
Really no official update since 2018? Still looking for a way to easily let only one specific App Service connect to a certain Azure SQL Database on a SQL Server.
Miikka Tuori commented
I have enabled VNET integration for the App Service Plan. Can I force all outbound traffic to flow through the Application Gateway with WAF (v2)? It does have a public static IP.
Time and again I run into this problem. Have to convert our .NET Core Azure Functions into .NET Framework Cloud Services (classic) just to get a static outbound IP.
Feels like this is a strategic decision by Micro$oft to force people to use the only and very expensive option of ASE.
This is same with Azure function in consumption tier, IP may change and static ip requirement forcing customer to use ASE with 3 time cost. Surprised to see this is not resolved yet.
Karel Golberg commented
This is very annoying indeed. Unbelievable that this has not been solved yet (this request is 3 years old). Whitelisting IP's is still very common today.
3 vote for this, obviously there would be static IP for outbound traffic for whitelisting for third parties and Database
Jens Vestergaard commented
This has become an issue for us as well, and we would very much like to know which direction you will be going with this.
Pedro Feio commented
Can you please provide an update on this? At least an update mentioning if you're building this, pr planning to build this into the App Services or not.
Stephan van Rooij commented
I can't believe this isn't possible yet. I don't like the fact that some 3th party systems require (manual) IP whitelisting, but for now I have to live with it.
GOPINATH THIRUVENGADAM commented
With Azure Application gateway supporting static IP and traffic leaving the app gw v2 also having the same static public IP, we can get away with ASE's with a combination of splitting the web and mid tier across 3 application gateways. Web AppGW exposed to the internet and Mid AppGW with public static IP but NSG in front so it accepts traffic only from Web APPGW static IP, and the DB behind another APPGWV2 that is configured to receive traffic only from MiDAPPGWV2.
This is a Key Feature to many clients of Microsoft. It is obviously for security that Microsoft's clients must use a whilelist in their external systems. For this reason, it is a great feature to improve the App Services.
Paul Broman commented
Seriously, this seems like such a basic thing. I just assumed you could pin a service to an outbound IP somewhere quickly and easily. I have developers working on things and now we're looking at migrating to VMs. I suppose I should have done more homework on this, but it just seems like such a basic common need for so many developers. Why should it cost a pile of cash just so you can assign stuff to a static outbound IP? Terrible.
Matias Osca commented
Another vote.. Be able to run a script to make outbound call from a static IP would help to white-list in my external systems