![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 80%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
969 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
If your VM is in the backend of the App gateway and you have added this VM as "Target Type" as "Virtual Machine", then communication between Application Gateway and this VM is contained within the virtual network.
Wrt, "Internal communications pass through the public IP of the App Gateway,"
- As you have mentioned your App gateway uses a Public IP only, all inbound communications to this App gateway can only come in via Internet.
- However, as mentioned above, the traffic between the App Gateway and the backend VM is contained within the VNET.
How an App gateway works:
- Application Gateway is deployed into a subnet in the VNET.
- Application gateway instances are assigned IP Addresses from the subnet (Private IPs).
- Application gateway uses this instance IPs to communicate to the backend VMs.
Refer : How an application gateway routes a request
The traffic flow is as follows:
Source <---> via Internet <---> AppGateway <---> via VNET <---> Backend VM
The use of "private IP for the Application Gateway" is to enable communication "to" the App gateway and not from the App gateway to happen via the Virtual Network/Private Network.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.