Skip to content

Commit f4cfe22

Browse files
Merge pull request #281241 from greg-lindsay/appgw-issues
remove preview tag and registration sections
2 parents 7ff5ec2 + 3badf79 commit f4cfe22

File tree

1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

articles/application-gateway/application-gateway-private-deployment.md

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ services: application-gateway
66
author: greg-lindsay
77
ms.service: application-gateway
88
ms.topic: how-to
9-
ms.date: 05/22/2023
9+
ms.date: 07/18/2024
1010
ms.author: greglin
1111
#Customer intent: As an administrator, I want to evaluate Azure Private Application Gateway
1212
---
@@ -17,18 +17,18 @@ ms.author: greglin
1717

1818
Historically, Application Gateway v2 SKUs, and to a certain extent v1, have required public IP addressing to enable management of the service. This requirement has imposed several limitations in using fine-grain controls in Network Security Groups and Route Tables. Specifically, the following challenges have been observed:
1919

20-
1. All Application Gateways v2 deployments must contain public facing frontend IP configuration to enable communication to the **Gateway Manager** service tag.
21-
2. Network Security Group associations require rules to allow inbound access from GatewayManager and Outbound access to Internet.
22-
3. When introducing a default route (0.0.0.0/0) to forward traffic anywhere other than the Internet, metrics, monitoring, and updates of the gateway result in a failed status.
20+
* All Application Gateways v2 deployments must contain public facing frontend IP configuration to enable communication to the **Gateway Manager** service tag.
21+
* Network Security Group associations require rules to allow inbound access from GatewayManager and Outbound access to Internet.
22+
* When introducing a default route (0.0.0.0/0) to forward traffic anywhere other than the Internet, metrics, monitoring, and updates of the gateway result in a failed status.
2323

2424
Application Gateway v2 can now address each of these items to further eliminate risk of data exfiltration and control privacy of communication from within the virtual network. These changes include the following capabilities:
2525

26-
1. Private IP address only frontend IP configuration
26+
* Private IP address only frontend IP configuration
2727
- No public IP address resource required
28-
2. Elimination of inbound traffic from GatewayManager service tag via Network Security Group
29-
3. Ability to define a **Deny All** outbound Network Security Group (NSG) rule to restrict egress traffic to the Internet
30-
4. Ability to override the default route to the Internet (0.0.0.0/0)
31-
5. DNS resolution via defined resolvers on the virtual network [Learn more](../virtual-network/manage-virtual-network.yml#change-dns-servers), including private link private DNS zones.
28+
* Elimination of inbound traffic from GatewayManager service tag via Network Security Group
29+
* Ability to define a **Deny All** outbound Network Security Group (NSG) rule to restrict egress traffic to the Internet
30+
* Ability to override the default route to the Internet (0.0.0.0/0)
31+
* DNS resolution via defined resolvers on the virtual network [Learn more](../virtual-network/manage-virtual-network.yml#change-dns-servers), including private link private DNS zones.
3232

3333
Each of these features can be configured independently. For example, a public IP address can be used to allow traffic inbound from the Internet and you can define a **_Deny All_** outbound rule in the network security group configuration to prevent data exfiltration.
3434

@@ -42,7 +42,7 @@ For more information about preview features, see [Set up preview features in Azu
4242

4343
## Register to the preview
4444

45-
# [Azure Portal](#tab/portal)
45+
# [Azure portal](#tab/portal)
4646

4747
Use the following steps to enroll into the public preview for the enhanced Application Gateway network controls via the Azure portal:
4848

@@ -108,7 +108,7 @@ For more information about preview features, see [Set up preview features in Azu
108108

109109
## Unregister from the preview
110110

111-
# [Azure Portal](#tab/portal)
111+
# [Azure portal](#tab/portal)
112112

113113
To opt out of the public preview for the enhanced Application Gateway network controls via Portal, use the following steps:
114114

@@ -347,7 +347,7 @@ To create a route table and associate it to the Application Gateway subnet:
347347

348348
While in public preview, the following limitations are known.
349349

350-
### Private link configuration (preview)
350+
### Private link configuration
351351

352352
[Private link configuration](private-link.md) support for tunneling traffic through private endpoints to Application Gateway is unsupported with private only gateway.
353353

0 commit comments

Comments
 (0)