Skip to content

Commit a6793bf

Browse files
authored
Merge pull request #228646 from jaesoni/same-port-preview
Same port feature - preview release
2 parents b093ea9 + 4260e0a commit a6793bf

File tree

4 files changed

+31
-4
lines changed

4 files changed

+31
-4
lines changed

articles/application-gateway/application-gateway-faq.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -259,7 +259,8 @@ sections:
259259
Yes. See [restrict access to specific source IPs](./configuration-infrastructure.md#allow-access-to-a-few-source-ips).
260260
261261
- question: Can I use the same port for both public-facing and private-facing listeners?
262-
answer: No.
262+
answer: |
263+
Yes, you can use public-facing and private-facing listeners with the same port number to simultaneously support both public and private clients (feature in Preview). Note that if a Network Security Group (NSG) is associated with your application gateway's subnet, a specific Inbound rule may be needed depending on its configuration. [Know more](./configuration-listeners.md#frontend-port).
263264
264265
- question: Does Application Gateway support IPv6?
265266
answer: Application Gateway v2 doesn't currently support IPv6. It can operate in a dual stack VNet using only IPv4, but the gateway subnet must be IPv4-only. Application Gateway v1 doesn't support dual stack VNets.

articles/application-gateway/configuration-frontend-ip.md

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 09/09/2020
8+
ms.date: 02/26/2023
99
ms.author: greglin
1010
---
1111

@@ -33,6 +33,17 @@ Only one public IP address and one private IP address is supported. You choose t
3333

3434
A frontend IP address is associated to a *listener*, which checks for incoming requests on the frontend IP.
3535

36+
>[!NOTE]
37+
> You can create private and public listeners with the same port number (Preview feature). However, be aware of any Network Security Group (NSG) associated with the application gateway subnet. Depending on your NSG's configuration, you may need an inbound rule with **Destination IP addresses** as your application gateway's public and private frontend IPs.
38+
>
39+
> **Inbound Rule**:
40+
> - Source: (as per your requirement)
41+
> - Destination IP addresses: Public and Private frontend IPs of your application gateway.
42+
> - Destination Port: (as per listener configuration)
43+
> - Protocol: TCP
44+
>
45+
> **Outbound Rule**: (no specific requirement)
46+
3647
## Next steps
3748

3849
- [Learn about listener configuration](configuration-listeners.md)

articles/application-gateway/configuration-infrastructure.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,8 @@ Network security groups (NSGs) are supported on Application Gateway. But there a
9191

9292
- Traffic from the **AzureLoadBalancer** tag with the destination subnet as **Any** must be allowed.
9393

94+
- To use public and private listeners with a common port number (Preview feature), you must have an inbound rule with the **destination IP address** as your gateway's **frontend IPs (public and private)**. When using this feature, your application gateway changes the "Destination" of the inbound flow to the frontend IPs of your gateway. [Learn more](./configuration-listeners.md#frontend-port).
95+
9496
### Allow access to a few source IPs
9597

9698
For this scenario, use NSGs on the Application Gateway subnet. Put the following restrictions on the subnet in this order of priority:

articles/application-gateway/configuration-listeners.md

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 11/23/2022
8+
ms.date: 02/27/2023
99
ms.author: greglin
1010
ms.custom: devx-track-azurepowershell
1111
---
@@ -38,7 +38,20 @@ Choose the frontend IP address that you plan to associate with this listener. Th
3838

3939
## Frontend port
4040

41-
Choose the frontend port. Select an existing port or create a new one. Choose any value from the [allowed range of ports](./application-gateway-components.md#ports). You can use not only well-known ports, such as 80 and 443, but any allowed custom port that's suitable. A port can be used for public-facing listeners or private-facing listeners, however the same port cannot be used for both at the same time.
41+
Associate a frontend port. You can select an existing port or create a new one. Choose any value from the [allowed range of ports](./application-gateway-components.md#ports). You can use not only well-known ports, such as 80 and 443, but any allowed custom port that's suitable. The same port can be used for public and private listeners (Preview feature).
42+
43+
>[!NOTE]
44+
> When using private and public listeners with the same port number, your application gateway changes the "destination" of the inbound flow to the frontend IPs of your gateway. Hence, depending on your Network Security Group's configuration, you may need an inbound rule with **Destination IP addresses** as your application gateway's public and private frontend IPs.
45+
>
46+
> **Inbound Rule**:
47+
> - Source: (as per your requirement)
48+
> - Destination IP addresses: Public and Private frontend IPs of your application gateway.
49+
> - Destination Port: (as per listener configuration)
50+
> - Protocol: TCP
51+
>
52+
> **Outbound Rule**: (no specific requirement)
53+
54+
**Limitation**: The portal currently supports private and public listeners creation only for the Public clouds.
4255

4356
## Protocol
4457

0 commit comments

Comments
 (0)