Does bastion requires public IP

Question

Does the Azure Bastion service require a public IP to work? Also if one has to use Bastion to connect to a Azure BM in a vnet, does at anytime the traffic will traverse the public internet ?

Answer 1

Hello @saurabh ,

Does the Azure Bastion service require a public IP to work?

Yes, Azure Bastion requires a public IP in order to function. You can follow this documentation to configure a Bastion Host via Portal.

Also if one has to use Bastion to connect to a Azure BM in a vnet, does at anytime the traffic will traverse the public internet ?

Yes. The traffic from portal to Azure Bastion edge will traverse over HTTPS (443, Internet). The diagram below from the Azure Bastion documentation will help you understand the traffic flow.

Hope this helps! Please let me know if you have any additional questions. Thank you!

Answer 2

Hello,
I'm still having some doubts and I don't know if Bastion is currently using a public IP because Microsoft is working on a new feature in order to grant access to the VMs directly from Internet.
Taking in account that the Azure Bastion host service is expensive people still deploying basic jumpstation (a standard B2 VMs cost is 25 USD/month and it could be reduced because you can stope and deallocate it at no cost).
Traffic from portal could probably be managed via the azure backbone until the Bastion service so I'm still having several doubts about to use this service (ok for security but €0.183 per hour means 130 € vs 25 for VM).