Hello @vlad_d,
I understand that you have an Application Gateway with 2 frontend IP configurations - one Public and one Private, both listening on the same port 443 with multi-site listeners, and this setup works. But when you add a private link and attach it to the Private Frontend IP, a short downtime occurs, and post that the hosts that are listening on the Private Frontend IP Conf become available again and work as expected; however, the host that is listening on the Public Frontend IP Conf continues to be down, and you receive TCP RST when trying to establish an SSL connection.
I discussed this issue with the Application Gateway Product Group team and found that there was a bug with the "Private link service + Floating IP (using same port on both public & private frontend) + Multi site listener" configuration in Application Gateway that was recently addressed, and the fix rollout is underway.
The Product Group team suggested that you can try to use different ports for both Public and Private multi-site listeners as a workaround in the meantime.
However, you didn't want to implement the workaround of using different ports for Public and Private listeners, since it is necessary for your setup to use the default HTTPS 443 port for both listeners. Instead, you would stop using the Private Link functionality for now and try some kind of workaround until the issue is fixed.
Your Application Gateway is deployed in the West Europe region, and since some regions already have the fix available, I reached out to the Application Gateway Product Group team to get an ETA on the fix rollout for the West Europe region.
The ETA for the fix rollout in the West Europe region is tentatively planned to complete in the next two weeks (however, keep in mind that the ETA is subject to change).
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.