Static Public Source IP in Azure with Network Address Translation (NAT) Gateway

  • Published 11 Sep 2024
  • In this video, we configure an Azure Network Address Translation (NAT) Gateway. A NAT Gateway provides a static source public IP or IP range for resources in an Azure VNet. It can be used for controlling the source IP for sites that may restrict access by a whitelist, or as an exclusion in MFA Conditional Access policies. The video walks through an example of using a NAT Gateway for a Windows Virtual Desktop (WVD) deployment so users bypass MFA when logging in from a WVD Session Host.
    EDIT 10/5/2020: Please see this link for potential issues using WVD and the NAT Gateway techcommunity....

COMMENTS • 12

  • @xstatic981 1 year ago

    Exactly what I was looking to achieve for outbound Container Instance traffic

  • @richardwaldron1684 2 years ago

    A really helpful video. Creating a NAT gw for some testing/exam prep and this made it really easy to complete. Thanks.

  • @stevenism 3 years ago +1

    Thanks for showing this. What is the behavior for passwordless Logins when the login request comes from an excluded IP?

  • @Kyps__ 1 year ago

    Does this work for an Azure Web Service? I have a bunch of additional outbound IP addresses that I want to whitelist, but it would make life easier if they all come from one IP address.

  • @christiandias6683 2 years ago

    Hey Travis,
    Great video! Almost exactly what I was looking for and hoping is possible to do.
    Is it possible to do the same with P2S VPN clients?
    To be more specific to route all traffic or traffic from a specific port from connected clients to go through an Azure public source IP.

  • @markrawson1435 1 year ago

    If I am trying to load balance network access across two networks (example: two firewalls in each region, each region has one load balancer for the two firewalls in that one region. My route tables are set to send all traffic for that one region to the IP of the load balancer.) But what if your load balancer for your prod firewalls is down, can you use weights to send all traffic to the DR load balancer? I see no way of doing that. I did find something about a regional load balancer, but it uses a public IP address and I want to keep all this traffic inside of my Azure network and my two regions. I could set a manual process which will cause an outage and that would be to have two route tables for each region, then there is an outage, I would just change the route table for the vnet to point to the second region load balancer. So what am I missing?

  • @ramp79 3 years ago

    Excellent 👌

  • @jesperbgholm8963 3 years ago +2

    I use an out-bound Load Balancer in Azure that gives the same result cheaper. Why use a NAT gateway over a Load Balancer?

    • @Ciraltos 3 years ago +1

      A load balancer is another good option. The NAT Gateway may be easier for some to deploy.

    • @jesperbgholm8963 3 years ago

      @Ciraltos I agree, thank you for clarifying

    • @RichardBlancoJr 3 years ago

      Same here. We are running "Classic" WVD with the free Azure Load Balancer option. Have had no issues.
      See these for reference:
      github.com/MicrosoftDocs/azure-docs/issues/33988
      help.nerdio.net/hc/en-us/articles/360030938932-How-do-I-assign-a-static-outbound-IP-to-RDS-collections-or-WVD-pools-

  • @gilagertzulin4988 2 years ago

    Hi, thanks for sharing! For some reason after I create the NAT gateway and have the IP address it will not let me add to list by going to Azure Active Directory and then security. Is this because I set something up wrong? My goal is to have a public static IP so it can be added to a whitelist so I can access a database I want to move tables from into my new Azure SQL database.