Access on-premises resources from your Azure AI Foundry managed network

2025-10-01

Note

You must use a hub-based project for this feature. An Azure AI Foundry project isn't supported. See How do I know which type of project I have? and Create a hub-based project.

Configure an Azure Application Gateway to let your managed virtual network in Azure AI Foundry reach non-Azure resources in another virtual network or on-premises. The gateway provides a secure, private end-to-end path to those resources.

Azure Application Gateway is a load balancer that makes routing decisions based on the URL of an HTTPS request. Azure Machine Learning supports using an application gateway to securely communicate with non-Azure resources. For more on Application Gateway, see What is Azure Application Gateway.

Set up the application gateway in your Azure virtual network for inbound access to the Azure AI Foundry hub. After you configure the gateway, create a private endpoint from the hub's managed virtual network to the gateway. The private endpoint keeps the entire end-to-end path private and off the internet.

Prerequisites

Read How an application gateway works to learn how Application Gateway secures connections to non-Azure resources.
Set up your Azure AI Foundry hub's managed virtual network and select an isolation mode: Allow Internet Outbound or Allow Only Approved Outbound. Learn more in Managed virtual network isolation.
Get the resource's private HTTP(S) endpoint.

Supported resources

Application Gateway supports any backend resource that uses HTTP or HTTPS. Application Gateway verifies connections from the managed virtual network to the following resources:

JFrog Artifactory
Snowflake
Private APIs

Configure Azure Application Gateway

Follow the Quickstart: Direct web traffic using the portal. To correctly set up your Application Gateway for use with Azure Machine Learning, use the following guidance when creating the Application Gateway:

On the Basics tab, review and apply the following settings.
- Ensure your Application Gateway is in the same region as the selected Azure Virtual Network.
- Azure AI Foundry supports only IPv4 for Application Gateway.
- In your virtual network, select one dedicated subnet for Application Gateway. Don't deploy other resources in this subnet.
On the Frontends tab, Application Gateway doesn't support only a private frontend IP address, so select or create a public IP address. Add private IP addresses for backend resources within the subnet range you selected on the Basics tab.
On the Backends tab, add backend targets to backend pools for routing. Create different pools as needed (for example, a Snowflake database).
On the Configuration tab, configure how frontend IPs receive requests and route them to the backend.
- In the Listener section:
  - Create a listener with HTTP or HTTPS and specify the listening port. To use two listeners on the same frontend IP that route to different backend pools, use different ports. Incoming requests are distinguished by port.
  - For end-to-end TLS encryption, select an HTTPS listener and upload your certificate so Application Gateway can decrypt the request received by the listener. For more information, see Enabling end to end TLS on Azure Application Gateway.
  - For a fully private backend target without public network access, don't set up a listener on the public frontend IP address or its routing rule. Application Gateway forwards only requests that listeners receive on the specified port. To avoid adding a public frontend IP listener by mistake, see Network security rules to lock down public network access.
- In the Backend targets section, if you use HTTPS and the backend server's certificate isn't issued by a well known CA, upload the root certificate (.CER) of the backend server. For more information, see Configure end-to-end TLS encryption using the portal.
After the Application Gateway resource is created, go to it in the Azure portal. Under Settings, select Private link to enable private access through a private endpoint connection. The Private link configuration isn't created by default.
- Select + Add to add the Private Link configuration, and then use the following values to create the configuration:
  - Name: Provide a name for your private link configuration
  - Private link subnet: Select a subnet in your virtual network
  - Frontend IP Configuration: appGwPrivateFrontendIpIPv4
- To verify the Private link is set up correctly, go to the Private endpoint connections tab and select + Private endpoint. On the Resource tab, the Target sub-resource should be the name of your private frontend IP configuration, appGwPrivateFrontendIpIPv4. If no value appears in the Target sub-resource, the Application Gateway listener isn't configured correctly. For more information, see Configure Azure Application Gateway Private Link.

Configure private link

After you create the Application Gateway frontend IP and backend pools, configure the private endpoint from the managed virtual network to the Application Gateway. In the Azure portal, go to your Azure AI Foundry hub, select Networking, then select Workspace managed outbound access > + Add user-defined outbound rules.
In the Workspace Outbound rules form, set the following values to create the private endpoint:
- Rule name: Enter a name for the private endpoint to Application Gateway.
- Destination Type: Private Endpoint
- Subscription and Resource Group: Select the subscription and resource group where the Application Gateway is deployed.
- Resource Type: Microsoft.Network/applicationGateways
- Resource name: The name of your Application Gateway resource.
- Subresource: appGwPrivateFrontendIpIPv4
- FQDNs: Enter the FQDN aliases to use in the Azure AI Foundry portal. They're resolved to the managed private endpoint private IP address that targets the Application Gateway. Add multiple FQDNs if you need to reach multiple resources through the Application Gateway.
  - All added FQDNs use the same IP address for the targeted Application Gateway.
  - The IP address is in the managed virtual network range, not the customer's VNet range.
Note
- If you use an HTTPS listener with an uploaded certificate, make sure the FQDN alias matches the certificate CN (Common Name) or SAN (Subject Alternative Name), otherwise the HTTPS call fails because of SNI (Server Name Indication).
- Each FQDN must have at least three labels to create the private DNS zone for the private endpoint to the Application Gateway.
- You can edit the FQDNs field after you create the private endpoint by using the SDK or CLI. You can't edit it in the Azure portal.
- Dynamic subresource naming isn't supported for the private frontend IP configuration. The frontend IP name must be appGwPrivateFrontendIpIPv4.

Configure by using the Python SDK and Azure CLI

To create a private endpoint to Application Gateway by using the Python SDK, see Azure SDK for Python.

To create a private endpoint to Application Gateway by using the Azure CLI, run the az ml workspace outbound-rule set command. Set properties as needed for your configuration. For more information, see Configure a managed network.

Limitations

Application Gateway supports only HTTP(S) endpoints in the backend pool. It doesn't support non-HTTP(S) network traffic. Ensure resources use the HTTP(S) protocol.
When connecting to Snowflake through Application Gateway, add FQDN outbound rules to enable package and driver downloads and OCSP validation.
- The Snowflake JDBC driver uses HTTPS, but other drivers can differ. Verify that your resource uses the HTTP(S) protocol.
Application Gateway doesn't support Spark scenarios such as Spark compute or serverless Spark compute. DNS resolution (for example, with nslookup) fails when resolving an FQDN from Spark compute.
Learn more in Frequently asked questions about Application Gateway.

Application Gateway errors

Troubleshoot Application Gateway connection errors to your backend resources:

Managed virtual network isolation

Feedback

Was this page helpful?