Skip to content

Commit 59297c9

Browse files
ferran-msferran-ms
authored
Update the number of available SNAT ports
Changed the value of 512,000 to 1,248,000 With the old value of 1,024 SNAT ports per public IP/vmss instance, the number was 512,000 (1024 x 250 x 2 = 512,000) With the new value of 2,496 SNAT ports per public IP/vmss instance, the number should be 1,248,000 (2496 x 250 x 2 = 1,248,000)
1 parent e2ada03 commit 59297c9

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/firewall/integrate-with-nat-gateway.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.custom: devx-track-azurepowershell, devx-track-azurecli
1212

1313
# Scale SNAT ports with Azure Virtual Network NAT
1414

15-
Azure Firewall provides 2,496 SNAT ports per public IP address configured per backend virtual machine scale set instance (Minimum of 2 instances), and you can associate up to [250 public IP addresses](./deploy-multi-public-ip-powershell.md). Depending on your architecture and traffic patterns, you might need more than the 512,000 available SNAT ports with this configuration. For example, when you use it to protect large [Azure Virtual Desktop deployments](./protect-azure-virtual-desktop.md) that integrate with Microsoft 365 Apps.
15+
Azure Firewall provides 2,496 SNAT ports per public IP address configured per backend virtual machine scale set instance (Minimum of 2 instances), and you can associate up to [250 public IP addresses](./deploy-multi-public-ip-powershell.md). Depending on your architecture and traffic patterns, you might need more than the 1,248,000 available SNAT ports with this configuration. For example, when you use it to protect large [Azure Virtual Desktop deployments](./protect-azure-virtual-desktop.md) that integrate with Microsoft 365 Apps.
1616

1717
Another challenge with using a large number of public IP addresses is when there are downstream IP address filtering requirements. Azure Firewall randomly selects the source public IP address to use for a connection, so you need to allow all public IP addresses associated with it. Even if you use [Public IP address prefixes](../virtual-network/ip-services/public-ip-address-prefix.md) and you need to associate 250 public IP addresses to meet your outbound SNAT port requirements, you still need to create and allow 16 public IP address prefixes.
1818

0 commit comments

Comments
 (0)