question

JevonDavis-1810 avatar image
0 Votes"
JevonDavis-1810 asked AlanKinane commented

Azure Bastion maintaining a static public IP

I have setup Azure Bastion on one of the VMs and currently troubleshooting. Due to the nature of tasks I do I am often asked to provide the IP in which I will sending traffic from in order to be whitelisted. I am aware Bastion does not need a public IP and I have since removed it but is there a way to maintain one while browsing the web on the VM etc? This is to facilitate having a static public IP vs of it changing each time the VM is restarted.

azure-virtual-machinesazure-bastion
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AlanKinane avatar image
2 Votes"
AlanKinane answered AlanKinane commented

If you create a static public IP address and assign it to the NiC of the virtual machine then this will be your IP address even when using Azure Bastion. As long as you set the IP address to static it will not change when the VM is restarted.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I think I maybe need to be more clear. The public IP assigned to the VM was disassociated. When browsing the internet there is an IP always associated with your browsing instance or any traffic coming from the VM. My question is seeing that the IP was disassociated from the VM, is there a way to maintain an IP while on the Web vs it changing each time the VM is restarted? For eg. let's say using a public load balancer

0 Votes 0 ·
AlanKinane avatar image AlanKinane JevonDavis-1810 ·

Yes, there are several ways. You can associate the public IP address again and make sure it is set to static or you can deploy a NAT gateway or standard load balancer to NAT out to the Internet via their public IP address. The IP address is the easiest method but just be careful and make sure you have a network security group on it and have locked down the inbound access for security reasons.

0 Votes 0 ·

I don't want to associate an IP with it. I'd rather the other methods you mentioned. I'll explore them and see. Thank you

0 Votes 0 ·
Show more comments