Create an application gateway with external redirection using the Azure CLI

You can use the Azure CLI to configure web traffic redirection when you create an application gateway. In this tutorial, you configure a listener and rule that redirects web traffic that arrives at the application gateway to an external site.

In this article, you learn how to:

  • Set up the network
  • Create a listener and redirection rule
  • Create an application gateway

If you don't have an Azure subscription, create an Azure free account before you begin.


  • This tutorial requires version 2.0.4 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Create a resource group

A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using az group create.

The following example creates a resource group named myResourceGroupAG in the eastus location.

az group create --name myResourceGroupAG --location eastus

Create network resources

Create the virtual network named myVNet and the subnet named myAGSubnet using az network vnet create. Create the public IP address named myAGPublicIPAddress using az network public-ip create. These resources are used to provide network connectivity to the application gateway and its associated resources.

az network vnet create \
  --name myVNet \
  --resource-group myResourceGroupAG \
  --location eastus \
  --address-prefix \
  --subnet-name myAGSubnet \
az network public-ip create \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress

Create an application gateway

You can use az network application-gateway create to create the application gateway named myAppGateway. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to myAGSubnet and myPublicIPAddress that you previously created.

az network application-gateway create \
  --name myAppGateway \
  --location eastus \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --subnet myAGsubnet \
  --capacity 2 \
  --sku Standard_Medium \
  --http-settings-cookie-based-affinity Disabled \
  --frontend-port 8080 \
  --http-settings-port 80 \
  --http-settings-protocol Http \
  --public-ip-address myAGPublicIPAddress

It may take several minutes for the application gateway to be created. After the application gateway is created, you can see these new features of it:

  • appGatewayBackendPool - An application gateway must have at least one backend address pool.
  • appGatewayBackendHttpSettings - Specifies that port 80 and an HTTP protocol is used for communication.
  • appGatewayHttpListener - The default listener associated with appGatewayBackendPool.
  • appGatewayFrontendIP - Assigns myAGPublicIPAddress to appGatewayHttpListener.
  • rule1 - The default routing rule that is associated with appGatewayHttpListener.

Add the redirection configuration

Add the redirection configuration that sends traffic from to the listener for to the application gateway using az network application-gateway redirect-config create.

az network application-gateway redirect-config create \
  --name myredirect \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --type Temporary \
  --target-url ""

Add a listener and routing rule

A listener is required to enable the application gateway to appropriately route traffic. Create the listener using az network application-gateway http-listener create with the frontend port created with az network application-gateway frontend-port create. A rule is required for the listener to know where to send incoming traffic. Create a basic rule named redirectRule using az network application-gateway rule create.

az network application-gateway frontend-port create \
  --port 80 \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --name redirectPort
az network application-gateway http-listener create \
  --name redirectListener \
  --frontend-ip appGatewayFrontendIP \
  --frontend-port redirectPort \
  --resource-group myResourceGroupAG \
  --gateway-name myAppGateway
az network application-gateway rule create \
  --gateway-name myAppGateway \
  --name redirectRule \
  --resource-group myResourceGroupAG \
  --http-listener redirectListener \
  --rule-type Basic \
  --redirect-config myredirect

Test the application gateway

To get the public IP address of the application gateway, you can use az network public-ip show. Copy the public IP address, and then paste it into the address bar of your browser.

You should see appear in your browser.

Next steps