Why does Azure Application Gateway require an empty subnet

后端 未结 2 1047
一向
一向 2021-02-09 06:24

When I try to execute New-AzureRmApplicationGatewayIPConfiguration to create an application gateway, I get an exception:

Subnet xxx cannot be used for applicatio         


        
相关标签:
2条回答
  • 2021-02-09 06:59

    I had the same issue, so my virtual network was 10.0.0.0/24 which was not allowing me to create a separate subnet. I solved the issue as we added another address space into the azure virtual network e.g. 10.10.0.0.24, then created a new subnet so that the application gateway was happy to work with the backend servers.

    0 讨论(0)
  • 2021-02-09 07:14

    The application gateway must be in a subnet by itself as explained in the documentation, hence the reason it is not an option. Create a smaller address space for your application gateway subnet (CIDR 'x.x.x.x/29') so you're not wasting IP addresses unnecessarily.

    It's a good practice to strive for a multi-tier network topology using subnets. This enables you to define routes and network security groups (ie: allow port 80 ingress, deny port 80 egress, deny RDP, etc.) to control traffic flow for the resources in the subnet. The routing and security group requirements for a gateway are generally going to be different than routing and security group requirements of other resources in the virtual network.

    0 讨论(0)
提交回复
热议问题