Share via

Reusing Application Gateway Public IP on a VM – Is a New IP/DNS Still Allowed?

Leszek Jaskierny 0 Reputation points
2025-11-27T21:08:41.1766667+00:00

I need to migrate a public IP interface (IP address + DNS name) from an existing Application Gateway to a VM that will act as a TLS proxy. This is required because Application Gateway is dropping support for TLS 1.1, and some legacy devices in my environment cannot be upgraded to TLS 1.2.

My question is: If I detach the current public IP configuration from the Application Gateway and attach it to the VM, will I still be able to create a new public IP (with a new DNS name) and associate it with the Application Gateway afterward?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-27T21:08:50.4133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    When you detach a public IP address from an Azure Application Gateway, you can indeed create a new public IP address with a new DNS name and associate it with the Application Gateway afterward. However, it's important to note that the Application Gateway does not support changing the public IP address after creation. Therefore, you will need to create a new public IP resource and associate it with the Application Gateway after detaching the existing one.

    Additionally, if you are using a dynamic Basic IP, it will only change when the gateway is stopped or started, but the DNS name associated with the Application Gateway frontend does not change over its lifecycle. Thus, using a CNAME record for a friendly DNS name is recommended if you need to maintain a consistent DNS name for your application gateway.

    Make sure to plan the migration carefully to avoid any downtime or service disruption during the transition.

    0 comments
  2. Venkatesan S 925 Reputation points Microsoft External Staff Moderator
    2025-11-27T22:10:59.3533333+00:00

    Hi Leszek Jaskierny,

    Thanks for posting question in Microsoft Q&A,

    If I detach the current public IP configuration from the Application Gateway and attach it to the VM, will I still be able to create a new public IP (with a new DNS name) and associate it with the Application Gateway afterward?

    Yes, you can detach the existing Public IP from App GW, attach it to your VM, and then create & attach a new Public IP to the Application Gateway afterward

    • You can detach the current Public IP (and DNS name) from an Azure Application Gateway (App GW) frontend.
    • Once detached, that public IP becomes a free resource, you can then associate it to another Azure resource (such as a VM/NIC). Thus, you can make the detached IP + DNS name belong to your VM (TLS proxy).
    • Afterwards, you are free to create a new Public IP (with a new DNS name) and attach that to the Application Gateway as its frontend IP.
    • Important nuance: For App GW (especially v2 SKU) public-frontend, the IP must be a Standard SKU, Static public IP.
    • Once a Public IP is created and associated, you cannot “change” that IP in-place on App GW to change it you must detach and associate a different Public IP resource.

    Reference:

    Please let us know if the above information is valid or if you need further assistance.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.