Azure AppGateway same port can't be used on both private and public IP
Currently we have an app gateway deployed with several listeners on a private IP address (for internal users). The plan was to also make these sites available on an external IP on the same app gateway.
However, it appears that once a port has been assigned in a listener, it cannot be assigned to another listener with a different frontend port.
A ticket was raised with MS, ref: 118062518450635.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
Boudewijn Plomp commented
This would be a nice feature. Or it would be nice if you could associate the 'Public' and 'Private' frontend IP with the same listener. That would make it much easier. As mentioned by others, some users connect through ExpressRoute, VPN or the Virtual Network itself.
Many applications use this pattern so that all traffic flows through a WAF. The concept of "SSL offload" or "only encrypting internet traffic" really isn't viable anymore. End-to-end encryption, regardless of the path, is required just about everywhere. Without this feature we just have to deploy two full app gateways, at which point we can just use an NVA.
Juraj SUCIK commented
I would welcome the same. Internal users would then reach the App Gw over our VPN and ExpressRoute connections, while external users could access it via the public IP. It would help us consolidate App Gw instances and improve our security posture while decreasing complexity.
Jeff Miles commented
This would be a really nice feature. I know the standard answer is "use an internal Load Balancer for your private connection", but that just adds another layer of complexity, not to mention it requires consideration of outbound SNAT rules.