I have many websites configured on Azure Application Gateway, sites are physically hosted on Windows VM(IIS). From the application gateway traffic is passed on to IIS in one of the VM.All the websites A record is pointed to teh Application Gateway.
Now there is a new requirement that I want to point A record of a new website directly to the VM and dont want it to pass through the Application Gateway Load Balancer. So basically I dont want to configure listeners backendsettings etc, instead point the A Record directly to VM. Is this possible?
I pointed the A record of new Website to the VM directly, but it doesn't work. I believe there is some settings to be done on Azure portal which I am not aware of. Kindly guide me.
Below is the existing structure and the new requirement on the existing structure.
The Network Security Group attached to the VM's network interface or subnet must allow inbound traffic on the port that your website is using (typically port 80 for HTTP and 443 for HTTPS).
This can be achieved in the following steps.
Assign a Public IP Address to Your VM:
Before modifying the NSG, ensure your VM has a public IP address. If not, you must create one and associate it with your VM's network interface.
Navigate to the Azure Portal: Log in to your Azure Portal.
Find the NSG: Find the Network Security Group associated with your VM. Click on the relevant NSG that is associated with the network interface or subnet of your VM.
To create an inbound security rule, select "Any" to allow traffic from all IP addresses or define a specific range to limit access. Typically, you can leave the port setting as "*" to indicate any port, unless a specific source port is required. Choose "IP Addresses" and enter your VM's private IP if it isn't already filled in.
For HTTP traffic, input "80" or use "443" for HTTPS traffic, or specify another port used by your application. Opt for "TCP" as the protocol for HTTP/HTTPS. Set the action to "Allow" to permit the traffic. Assign a priority to the rule, remembering that lower numbers signify higher priority. Confirm that this priority is set lower than any existing block rules to prevent conflicts.
After configuring the NSG, you should test to see if the VM is accessible from the internet using the public IP. Remember, changes to NSG rules can take a few minutes to become effective.
**Note: ** Ensure that the Windows Firewall on the VM is configured to allow inbound traffic on the required ports (again, typically 80 and 443).
reference:
https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal