Merge pull request #304870 from reyjordi/updating-for-private-only

prmerger-automator[bot] · web-flow · commit c3d4a00738be · 2025-08-31T14:45:17.000Z
made changes to faq since private only is GA now
diff --git a/articles/application-gateway/application-gateway-faq.yml b/articles/application-gateway/application-gateway-faq.yml
@@ -321,29 +321,12 @@ sections:
           
       - question: How do I use Application Gateway v2 with only a private frontend IP address?
         answer: |
-          Application Gateway v2 currently supports private IP frontend configuration only (no public IP) via public preview. For more information, see [Private Application Gateway deployment (preview)](application-gateway-private-deployment.md).
+          Application Gateway v2 now supports private IP frontend configuration only. For more information, see [Private Application Gateway deployment](application-gateway-private-deployment.md).
           
-          For current general availability support, Application Gateway v2 supports the following combinations:
+          Application Gateway v2 supports the following combinations:
           * Private IP and public IP
           * Public IP only
-          
-          To restrict traffic only to private IP addresses with current functionality, follow this process:
-          1. Create an application gateway with both public and private frontend IP address.
-          1. Don't create any listeners for the public frontend IP address. Application Gateway won't listen to any traffic on the public IP address if no listeners are created for it.
-          1. Create and attach a [network security group](../virtual-network/network-security-groups-overview.md) for the Application Gateway subnet with the following configuration in the order of priority:
-              
-              1. Allow traffic from **Source** as the service tag **GatewayManager**, **Destination** as **Any**, and the destination **Port** as **65200-65535**. This port range is required for Azure infrastructure communication. These ports are protected (locked down) by certificate authentication. External entities, including the gateway user administrators, can't initiate changes on those endpoints without appropriate certificates in place.
-              
-              1. Allow traffic from **Source** as the service tag **AzureLoadBalancer** and the destination **Port** as **Any**.
-              
-              1. Deny all inbound traffic from **Source** as the service tag **Internet** and the destination **Port** as **Any**. Give this rule the *least priority* in the inbound rules.
-              
-              1. Keep the default rules like **AllowVNetInBound** so that the access on a private IP address isn't blocked.
-              
-              1. Outbound internet connectivity can't be blocked. Otherwise, you face issues with logging and metrics.
-          
-          Sample NSG configuration for private IP-only access:
-          ![Application Gateway v2 NSG configuration for private IP access only](./media/application-gateway-faq/appgw-privip-nsg.png)
+          * Private IP only
           
       - question: How can I stop and start Application Gateway?
         answer: |
