Application Gateway restrict by IP

azure azure-application-gateway
Marc Cals picture Marc Cals · May 17, 2017 · Viewed 7.5k times · Source

We have a cluster of VM in azure exposing some internal API's. To do more secure we are using Application Gateway to have ssl offload. But also we would like to restrict the external IP's that can access to this API's. Is there a way to allow only a range of IP's to connect through and Application Gateway?

Thanks.

Answer

4c74356b41 picture 4c74356b41 · May 17, 2017

Q. Are Network Security Groups supported on the Application Gateway subnet?
Network Security Groups are supported on the Application Gateway subnet, but exceptions must be put in for ports 65503-65534 for backend health to work correctly. Outbound internet connectivity should not be blocked.

So just create a network security group on the subnet of the NSG and restrict IP's. Network security group is basically a firewall.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-nsg

Related questions

Redirect HTTP to HTTPS in Azure Application Gateway

I have configured an Application Gateway (AG) to do SSL termination/offload. The AG is configured to only listen on port 443 for HTTPS connections. Is it possible to redirect HTTP to HTTPS without having to: Create a new VM that …

Read More
Custom domain for Azure application gateway

I am trying to create application gateway with custom domain name, I keep getting error saying "cannot have Domain Name Label specified." I was wondering if I am doing something wrong or it's not possible for azure application gateway to …

Read More
How to get the azure account tenant Id?

My question is: Is it possible to get the azure active directory tenant id without using powershell command? I found this two blogs and with this help, I'm already able to get the tenant ID and subscriptions ID from powershell. …

Read More