Azure NAT Gateway
Azure NAT Gateways provide a way to use Network Address Translation to route outbound traffic to the internet through a single Azure Public IP or IP Prefix.
NAT Gateways do not allow traffic ingress, and are a controlled way to present one or more known IP addresses that other services can allow in their firewalls.
NAT Gateways replace a subnet's default route to the internet. This can be overridden by an Azure User Defined Route (though this pattern is most likely not practical).
Using Network Address Translation, this service can support up to 64,000 concurrent traffic flows.
Configurations
- Multiple Subnets within the same VNET can use different NAT gateways or the same NAT gateway.
- Multiple NAT gateways can't be attached to a single subnet.
- NAT Gateways cannot span multiple Virtual Networks.
- NAT Gateways cannot be deployed in a Gateway Subnet.
- IPv6 is not supported.
- Can use up to 16 IP addresses in any combination of:
  - Public IP addresses
  - Public IP prefixes
  - Public IP addresses and prefixes derived from custom IP prefixes (BYOIP). To learn more, see Custom IP address prefix (BYOIP).
- Can be used on an Azure Firewall subnet.
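
The constraints above can be checked before deployment. The following is an added example, not code from the original page or from Azure: the plan layout, resource names and addresses are constructed, and it assumes a prefix counts as the number of addresses it contains. It reports each violation and produces the CIDR list a downstream firewall would allow.

```python
import ipaddress
from collections import defaultdict

MAX_ADDRESSES = 16  # per NAT gateway, from the list above

def egress_networks(gateway):
    """Parse a gateway's public IPs and prefixes into ip_network objects."""
    return [ipaddress.ip_network(item) for item in gateway["public"]]

def validate_plan(plan):
    """Return a list of violations; an empty list means the plan is valid."""
    problems = []
    vnets_per_gateway = defaultdict(set)
    for subnet in plan["subnets"]:
        attached = subnet["nat_gateways"]
        if len(attached) > 1:
            problems.append(f"{subnet['name']}: more than one NAT gateway attached")
        if attached and subnet["name"] == "GatewaySubnet":
            problems.append("GatewaySubnet: NAT gateway not allowed")
        for gw in attached:
            vnets_per_gateway[gw].add(subnet["vnet"])
    for name, gateway in plan["nat_gateways"].items():
        nets = egress_networks(gateway)
        if any(n.version == 6 for n in nets):
            problems.append(f"{name}: IPv6 is not supported")
        total = sum(n.num_addresses for n in nets if n.version == 4)
        if total > MAX_ADDRESSES:
            problems.append(f"{name}: {total} public addresses exceeds {MAX_ADDRESSES}")
        if len(vnets_per_gateway[name]) > 1:
            problems.append(f"{name}: attached to subnets in multiple VNets")
    return problems

def allowlist(plan, name):
    """CIDRs a downstream firewall should allow for this gateway's egress."""
    return sorted(str(n) for n in egress_networks(plan["nat_gateways"][name]))

# Constructed sample plans (documentation address ranges, hypothetical names).
GOOD_PLAN = {
    "nat_gateways": {"natgw-a": {"public": ["203.0.113.10", "198.51.100.0/29"]}},
    "subnets": [{"name": "app", "vnet": "vnet-1", "nat_gateways": ["natgw-a"]},
                {"name": "data", "vnet": "vnet-1", "nat_gateways": ["natgw-a"]}],
}
BAD_PLAN = {
    "nat_gateways": {"natgw-b": {"public": ["203.0.113.0/28", "203.0.113.200"]},
                     "natgw-c": {"public": ["2001:db8::/124"]}},
    "subnets": [{"name": "web", "vnet": "vnet-1", "nat_gateways": ["natgw-b", "natgw-c"]},
                {"name": "GatewaySubnet", "vnet": "vnet-2", "nat_gateways": ["natgw-b"]}],
}

if __name__ == "__main__":
    print(validate_plan(GOOD_PLAN), allowlist(GOOD_PLAN, "natgw-a"))
    print("\n".join(validate_plan(BAD_PLAN)))
```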