articles/application-gateway/application-gateway-private-deployment.md
12 additions & 12 deletions
@@ -6,7 +6,7 @@ services: application-gateway
6
6
author: greg-lindsay
7
7
ms.service: application-gateway
8
8
ms.topic: how-to
9
-
ms.date: 05/22/2023
9
+
ms.date: 07/18/2024
10
10
ms.author: greglin
11
11
#Customer intent: As an administrator, I want to evaluate Azure Private Application Gateway
12
12
---
@@ -17,18 +17,18 @@ ms.author: greglin
17
17
18
18
Historically, Application Gateway v2 SKUs, and to a certain extent v1, have required public IP addressing to enable management of the service. This requirement has imposed several limitations in using fine-grain controls in Network Security Groups and Route Tables. Specifically, the following challenges have been observed:
19
19
20
-
1. All Application Gateways v2 deployments must contain public facing frontend IP configuration to enable communication to the **Gateway Manager** service tag.
21
-
2. Network Security Group associations require rules to allow inbound access from GatewayManager and Outbound access to Internet.
22
-
3. When introducing a default route (0.0.0.0/0) to forward traffic anywhere other than the Internet, metrics, monitoring, and updates of the gateway result in a failed status.
20
+
* All Application Gateways v2 deployments must contain public facing frontend IP configuration to enable communication to the **Gateway Manager** service tag.
21
+
* Network Security Group associations require rules to allow inbound access from GatewayManager and Outbound access to Internet.
22
+
* When introducing a default route (0.0.0.0/0) to forward traffic anywhere other than the Internet, metrics, monitoring, and updates of the gateway result in a failed status.
23
23
24
24
Application Gateway v2 can now address each of these items to further eliminate risk of data exfiltration and control privacy of communication from within the virtual network. These changes include the following capabilities:
25
25
26
-
1. Private IP address only frontend IP configuration
26
+
* Private IP address only frontend IP configuration
27
27
- No public IP address resource required
28
-
2. Elimination of inbound traffic from GatewayManager service tag via Network Security Group
29
-
3. Ability to define a **Deny All** outbound Network Security Group (NSG) rule to restrict egress traffic to the Internet
30
-
4. Ability to override the default route to the Internet (0.0.0.0/0)
31
-
5. DNS resolution via defined resolvers on the virtual network [Learn more](../virtual-network/manage-virtual-network.yml#change-dns-servers), including private link private DNS zones.
28
+
* Elimination of inbound traffic from GatewayManager service tag via Network Security Group
29
+
* Ability to define a **Deny All** outbound Network Security Group (NSG) rule to restrict egress traffic to the Internet
30
+
* Ability to override the default route to the Internet (0.0.0.0/0)
31
+
* DNS resolution via defined resolvers on the virtual network [Learn more](../virtual-network/manage-virtual-network.yml#change-dns-servers), including private link private DNS zones.
32
32
33
33
Each of these features can be configured independently. For example, a public IP address can be used to allow traffic inbound from the Internet and you can define a **_Deny All_** outbound rule in the network security group configuration to prevent data exfiltration.
34
34
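Review bot: The first rewritten bullet names the "**Gateway Manager** service tag" while the next bullet and the capabilities list write it as GatewayManager; because the tag name is what an administrator enters in an NSG rule, use `GatewayManager` in all three places. Since these lines are already being touched, "Application Gateways v2 deployments" should read "Application Gateway v2 deployments", "public facing" should be hyphenated, and "Outbound access" should be lowercase to match "inbound access". The "[Learn more](...)" link in the DNS bullet sits mid-sentence, so either move it to the end of the bullet or make "defined resolvers on the virtual network" the link text. Please also confirm in the rendered page that the unchanged "- No public IP address resource required" line still nests under the new `*` item now that the parent marker is no longer `1.`.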
@@ -42,7 +42,7 @@ For more information about preview features, see [Set up preview features in Azu
42
42
43
43
## Register to the preview
44
44
45
-
# [Azure Portal](#tab/portal)
45
+
# [Azure portal](#tab/portal)
46
46
47
47
Use the following steps to enroll into the public preview for the enhanced Application Gateway network controls via the Azure portal:
48
48
@@ -108,7 +108,7 @@ For more information about preview features, see [Set up preview features in Azu
108
108
109
109
## Unregister from the preview
110
110
111
-
# [Azure Portal](#tab/portal)
111
+
# [Azure portal](#tab/portal)
112
112
113
113
To opt out of the public preview for the enhanced Application Gateway network controls via Portal, use the following steps:
114
114
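Review bot: The tab label is corrected to "Azure portal", but the unchanged sentence directly below it still says "via Portal". Change that to "via the Azure portal" so it matches the new label and the wording already used in the Register section ("via the Azure portal").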
@@ -347,7 +347,7 @@ To create a route table and associate it to the Application Gateway subnet:
347
347
348
348
While in public preview, the following limitations are known.
349
349
350
-
### Private link configuration (preview)
350
+
### Private link configuration
351
351
352
352
[Private link configuration](private-link.md) support for tunneling traffic through private endpoints to Application Gateway is unsupported with private only gateway.
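Review bot: Dropping "(preview)" from the "Private link configuration" heading leaves a non-preview heading directly under "While in public preview, the following limitations are known.", and nothing in the change says which of the two is meant to have left preview. If the intent is that the private link feature is no longer in preview while the private-only gateway still is, say so in the body text so readers do not take the limitation as lifted. The sentence under the heading also reads "support for ... is unsupported"; consider "Private link configuration ... is not supported with a private-only gateway."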