Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want a static IP address is obviously ridiculous.
I'm looking forward to being able to use a static IP address without an App Service Environment.

You can now use a NAT Gateway integration to have a static IP address for outbound requests.
https://azure.github.io/AppService/2020/11/15/web-app-nat-gateway.html
Best,
Jason
54 comments
-
Kostas commented
You cannot use the solution Jason presented with Consumption plan functions. This increases the costs a lot as you need to have a NAT Gateway AND your functions on at least the Standard plan.
Exactly the opposite of what we'd like to achieve when building a micro architecture environment with a lot of passive functions in the deeper layers. You just want to be able deploy a function that is able to securely access / push some data now and then, or in a timed fashion trigger some actions on IP whitelistend endpoints to keep cache warm for example.
What would be the best way to achieve that in a cost-effective manner?
-
George commented
I still cannot route outbound traffic from my web app through my Application Gateway (WAF)....
-
John Mason commented
As of November you can now route outbound traffic through a VNET gateway - this is supported on App Service Standard and higher:
https://azure.github.io/AppService/2020/11/15/web-app-nat-gateway.html
It will require a few App configuration settings to force traffic into the VNET - but thats about it.
-
Anonymous commented
Is there any update?
-
Suj commented
Hey Azure is there any updates? This is one of the most requested feature here in azure web app. It has a lot of votes and comments already. Other cloud has this feature.
-
Atun commented
Any updates? It's already september 2020
-
Saif commented
Any update please?
Thanks -
Anonymous commented
Any update on this?
-
Atun commented
Any updates azure? This is very useful feature especially when it comes to security aspects. By implementing this feature, it will make Azure very secured and give an advantage over the other cloud provider.
-
George commented
3 years and counting!
-
Anonymous commented
Surprised to see that something that reduces revenue hasn't been resolved yet #notsurprised
-
Anonymous commented
3 years and still no update
-
Atun commented
+9999! This should be implemented
-
Aleksandar commented
Saas QuotaGuard available on Azure can help the situation.
-
Marlon Regenhardt commented
Really no official update since 2018? Still looking for a way to easily let only one specific App Service connect to a certain Azure SQL Database on a SQL Server.
-
Miikka Tuori commented
I have enabled VNET integration for the App Service Plan. Can I force all outbound traffic to flow through the Application Gateway with WAF (v2)? It does have a public static IP.
-
Gavin commented
Time and again I run into this problem. Have to convert our .NET Core Azure Functions into .NET Framework Cloud Services (classic) just to get a static outbound IP.
Feels like this is a strategic decision by Micro$oft to force people to use the only and very expensive option of ASE.
-
Chandrashekhar.NR commented
This is same with Azure function in consumption tier, IP may change and static ip requirement forcing customer to use ASE with 3 time cost. Surprised to see this is not resolved yet.
-
Karel Golberg commented
This is very annoying indeed. Unbelievable that this has not been solved yet (this request is 3 years old). Whitelisting IP's is still very common today.
-
Anonymous commented
3 vote for this, obviously there would be static IP for outbound traffic for whitelisting for third parties and Database