Instance IPs of Application Gateway are not visible in Portal
In our usecase, external facing App Gateway(AG) will forward the traffic to PaloAlto virtual firewalls and firewall will NAT traffic to internal AG. Every application will have it's own external & internal AG. The NAT policy in firewall cannot use external AG subnet as source, you will have to identify instance IPs of each external AG and create NAT policy based on that. At the moment only Azure support have visibility to instance IPs, these IPs need to be exposed to Portal.

1 comment
-
hisashima commented
Sometimes instance IP address and front end IP are duplicating so we can not get available address from portal or pwershell. I hope to see available address.