Application gateway error when creating a new rule for private listener

Ricardo Gabriel Nima Montalban 0 Reputation points
2023-12-01T17:50:36.58+00:00

Hello, I am trying to add a new rule and I got this error:

"Failed to save configuration changes to application gateway 'My_Appgw'. Error: Failed to save changes due to conflicting Application Gateway and Network Security Group configurations. When configuring or using common port for public and private listeners on application gateway, the Destination IP of the inbound flow changes to the frontend IPs of your gateway.You must thus update the Inbound rule for the NSG resource NSG-of-subnet-of-MyAppGW that is associated with the subnet"

I use public and private listeners, with public and private IPs; both listeners use port 443 (HTTPS).

In the NSG of the appgw subnet there are inbound rules for the public IP and the subnet of the private IP as destination on port 443.

So please help me solve the issue shown. What else do I need to add to the NSG rules?


1 answer

  1. ChaitanyaNaykodi-MSFT 24,666 Reputation points Microsoft Employee
    2023-12-06T23:28:59.8766667+00:00

    @Ricardo Gabriel Nima Montalban

    Thank you for getting back and letting us know that the issue was resolved.

    I am just summarizing the issue and the solution above for community benefit. Due to current limitations in Microsoft Q&A, you can only accept answers from other users. It will be helpful if you could accept the answer for community benefit.

    Issue:

    You were trying to add a new rule for your Application Gateway and you received this error:

    "Failed to save configuration changes to application gateway 'My_Appgw'. Error: Failed to save changes due to conflicting Application Gateway and Network Security Group configurations. When configuring or using common port for public and private listeners on application gateway, the Destination IP of the inbound flow changes to the frontend IPs of your gateway.You must thus update the Inbound rule for the NSG resource NSG-of-subnet-of-MyAppGW that is associated with the subnet"

    Solution:

    You were able to pinpoint the issue when you realized that you had a private listener configured on port 80 which was not required, and it did not have any NSG rules associated with it. After deleting the port 80 private listener you were able to create a new traffic rule for the private listener on port 443 and had to make no changes in the NSG rules.

    Thank you!

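The situation in this thread, as an added example that is not part of the original question or answer and is not Azure's own validation logic: a pre-change check that lists every listener whose frontend IP and port are not allowed by the subnet NSG's inbound rules. The listener and rule records, their field names and all addresses are constructed for illustration; the check assumes rule destinations are `*`, a single IP or a CIDR (no service tags) and ignores source and protocol.

```python
import ipaddress

# Constructed sample data; field names are assumptions, not the Azure API schema.
LISTENERS = [
    {"name": "public-https", "frontend_ip": "203.0.113.10", "port": 443},
    {"name": "private-https", "frontend_ip": "10.0.1.10", "port": 443},
    {"name": "private-http", "frontend_ip": "10.0.1.10", "port": 80},  # the forgotten one
]
NSG_INBOUND = [
    {"name": "allow-public-443", "priority": 100, "access": "Allow",
     "dest": "203.0.113.10", "ports": "443"},
    {"name": "allow-private-443", "priority": 110, "access": "Allow",
     "dest": "10.0.1.0/24", "ports": "443"},
    {"name": "deny-all", "priority": 4096, "access": "Deny", "dest": "*", "ports": "*"},
]

def port_matches(spec, port):
    """spec is '*', a single port, a range 'a-b', or a comma-separated mix."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def dest_matches(dest, ip):
    """True when the rule destination ('*', IP or CIDR) contains the frontend IP."""
    if dest == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(dest, strict=False)

def first_match(rules, ip, port):
    """NSG rules are evaluated lowest priority number first; the first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if dest_matches(rule["dest"], ip) and port_matches(rule["ports"], port):
            return rule
    return None

def uncovered_listeners(listeners, rules):
    """Names of listeners whose frontend IP and port are not allowed inbound."""
    uncovered = []
    for listener in listeners:
        rule = first_match(rules, listener["frontend_ip"], listener["port"])
        if rule is None or rule["access"] != "Allow":
            uncovered.append(listener["name"])
    return uncovered

if __name__ == "__main__":
    print(uncovered_listeners(LISTENERS, NSG_INBOUND))
```

With this sample data only the port 80 private listener is reported, which mirrors the resolution above: either remove the unused listener or add an inbound rule for its frontend IP and port.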