Is it possible to disable ICMP pings to Application Gateway Standard V2 SKU?

Question

Azure-enthusiast 40

Is it possible to disable ICMP pings to Application Gateway Standard V2 SKU? If yes, how? Would there be an impact of workings of it?

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2024-01-12T12:22:09.0866667+00:00
Hello @Azure-enthusiast ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Is it possible to disable ICMP pings to Application Gateway Standard V2 SKU?

No, it is not possible to disable ICMP pings to Application Gateway Standard V2 SKU.

As @Priya Kumar mentioned below,

Like Azure Load Balancer, Application gateway is also a Layer 7 load balancer:

General availability: Inbound ICMPv4 pings are now supported on Azure Load Balancer | Azure updates | Microsoft Azure

And according to the below document, ICMP cannot be disabled on the Load Balancer frontend.

Usage considerations:

ICMP pings can't be disabled and are allowed by default on Standard Public Load Balancers.

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-test-frontend-reachability?tabs=windows-outside%2Cping%2Cwindowsvm#usage-considerations

Kindly let us know if the below helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2024-01-18T11:17:24.82+00:00

@Azure-enthusiast , could you please provide an update on this post?

Accepted answer

0 additional answers

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2024-01-12T12:22:09.0866667+00:00

Hello @Azure-enthusiast ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Is it possible to disable ICMP pings to Application Gateway Standard V2 SKU?

No, it is not possible to disable ICMP pings to Application Gateway Standard V2 SKU.

As @Priya Kumar mentioned below,

Like Azure Load Balancer, Application gateway is also a Layer 7 load balancer:

General availability: Inbound ICMPv4 pings are now supported on Azure Load Balancer | Azure updates | Microsoft Azure

And according to the below document, ICMP cannot be disabled on the Load Balancer frontend.

Usage considerations:

ICMP pings can't be disabled and are allowed by default on Standard Public Load Balancers.

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-test-frontend-reachability?tabs=windows-outside%2Cping%2Cwindowsvm#usage-considerations

Kindly let us know if the below helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2024-01-18T11:17:24.82+00:00

@Azure-enthusiast , could you please provide an update on this post?

Answer 1

Thanks for reaching Azure Q and A platform.

Based on the query you would like to disable ICMP ping on the Application Gateway standard SKU.

The ICMP is allowed on the Public IP attached on the Application Gateway, which is the Standard Public IP.

Likewise Load Balancer, Application gateway is also a Layer 7 load balancer:

According to the document, the ICMP cannot be disabled on the Load Balancer frontend.

Usage considerations:

ICMP pings can't be disabled and are allowed by default on Standard Public Load Balancers.
ICMP pings with packet sizes larger than 64 bytes will be dropped, leading to timeouts.

Request:

Could you try applying a NSG on the Application Gateway Subnet, which will block ICMP from Any source?

Regards,

Priya Kumar