locked
How to overcome the static public IP limitation for Azure Application Gateway RRS feed

  • Question

  • The Azure Application Gateway does not allow associating a static public IP. However, this is a very painful limitation, since the DNS record should only use a CNAME, and that a CNAME cannot be defined for a root domain (see RFC1034) or it can be the only record for the domain. Which means: no mail sever for the domain, no TXT record, ...

    This has crazy side effects: let's say I'd like to use the 'App Service Certificate' and get an SSL cert from Azure... The verification step requires me to define a new TXT record. Which I can't... Other situation: if I want to setup a mail server on this domain: I can't! Because no MX record can be configured on the same domain than the CNAME.

    Clearly, a static public IP would allow to define an 'A' DNS record, and overcome all those limitations. However, should one wants to use a static IP, Azure recommends using a Load Balancer, which:
    a) is not able to perform the Path-based rules I need from the Application Gateway
    b) cannot even be set in front of the Application Gateway

    So I'm wondering which kind of best practice is suggested when it comes to using an Application Gateway in production.

    Hint: I will not (and cannot, anyway) prefix my webiste domain with 'www' as a workaround.
    Thursday, July 27, 2017 9:37 AM

Answers

  • Static IP support is in the product roadmap.
    Also, the VIP of Application Gateway does not change on a running gateway. It is changed only when customer initiates a stop and start of the Gateway. It does not change on system failures, OS updates, Azure host updates etc.
    ---------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.   
    Monday, July 31, 2017 6:18 PM

All replies

  • Static IP support is in the product roadmap.
    Also, the VIP of Application Gateway does not change on a running gateway. It is changed only when customer initiates a stop and start of the Gateway. It does not change on system failures, OS updates, Azure host updates etc.
    ---------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.   
    Monday, July 31, 2017 6:18 PM
  • Hello vijisankar, 

    I just wanted to check whether you are aware of any eta as when static IP support with App GW will be available.

    Thanks,

    George

    Tuesday, September 25, 2018 1:54 PM
  • As of today, Application Gateway does not support static public IP addresses, but it does support static internal IPs. And we don't have an ETA for it. 
    You may leave your feedback here and upvote for the same. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    ---------------------------------------------------------------------------------------------

    If this answer was helpful, click “Mark as Answer” or “Up-Vote”. To provide additional feedback on your forum experience, click here

    • Proposed as answer by vijisankar Tuesday, September 25, 2018 4:05 PM
    Tuesday, September 25, 2018 4:05 PM
  • Associating Static public IPs is now possible with Application Gatway Standard_v2 sku.

    https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-autoscale-ps 

    • Proposed as answer by Mr. Writable Friday, December 13, 2019 7:32 AM
    Tuesday, February 19, 2019 1:23 PM