Can I add azure-application-gateway in an existing virtual network?

Question

I have a virtual machine in an existing virtual network, and a subnet.

this VM has a public IP address.

Can I add an application gateway in this existing virtual network? (to control the traffic, SSL termination etc)

When I try to do so, it is refusing to consider a new subnet inside that virtual network (A new subnet is apparently needed by the application gateway)

It appears grayed out to the "Create Gateway resource" screen.

Your help is much appreciated.

Answer 1

Hi @Satya Komatineni ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are trying to deploy an Application gateway into an existing VNet.

This is supported. You can deploy an Application Gateway in an existing VNet.

The catch here is that,

• The subnet where you are trying to deploy the App Gateway must not contain any other resource.
• In you case, "GatewaySubnet" is for creating VNet Gateways, not Application Gateways.
• Hence, you are seeing the subnet as grayed out.
• You can create a new subnet with a normal naming convention such as "myAGSubnet" or any and deploy the App Gateway in it.
• 
• Refer : https://learn.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal

I hope this helps.
Please feel free to let us know if you have any follow-up queries on this.

Thanks,
Kapil

----------------------------------------------------------------------------------------------------------------

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Answer 2

Hello,

Yes you can add an app gateway into the same VNet. Nonetheless, you need to create another one subnet for app gateway and connect your VMs to app gateway with private endpoint.

An infrastructure like this.

Kind regards, Kilian GOËTZ.

Answer 3

Quick summary.

It has been a few days.

First of all thanks for actively engaging in this forum. Thanks

Goal

---

1. Setup a App gateway in the same vnet as I have a VM that is hosting a tomcat website
2. (Use that app gateway as a WAF - Web Application Firewall, protecting for SQL Ingection, bad web clients, etc - This is still under exploration)

Problem I ran into

---

Create App Gateway Resource is failing not allowing subnet to be chosen.

Resolution

---

1. It has to be a new dedicated subnet (This is easy to figure out)
2. The name cannot be one of the reserved names!! (This is not clear from the docs)
3. One of the reserved names, which by accident, and first choice, I chose was "Application Gateway". And THAT my friends is reserved as anonymous user-MSFT here had educated me on. (Thank you)
4. So once I chose a different name, it worked and successfully created the gateway

Further on

---

1. I was able to forward requests to a back end webserver (No significant surprises)
2. But I am a bit early on completing my overall mission.
3. I will keep you posted
4. My next immediate job is
   5. Prevent all other traffic but from the gateway into the backend VM for http
   6. Offload ssl
   7. Enable WAF
   8. Examine what bad sites are hitting mine (if possible)

Hope this helps others as well
Thanks
Satya