Application gateway support multi-site listening on Private and Public Frontend IPs
Currently the web application firewall can be configured with multiple Frontend IPs, such as Public & Private. However, multi-site listeners cannot be configured on standard web ports (80 & 443) on both frontend IPs. No port overlap is allowed. User must decide which of the two frontend IPs gets to listen on standard web ports, and the other must be configured on alternate ports. This is not usable for non-technical end users, and many of us require both public and private frontend IPs to support internal-only sites (such as a company intranet) in addition to customer-facing ones.
Ken Leach commented
I agree. Often companies what to keep traffic private to and from Azure using Express Routes of VPNs. To have a public listener is fine for internet users, but to force people on the company infrastructure to go to the internet and back down changes the required network traffic pattern. A private IP listening on the same port at the public would solve this.. vs having to use 8080 or something. Is there a work around for this issue?