Feature Request - Cost Estimator - Add Azure Firewall and/or NAT Gateway

It would be nice to incorporate options for NAT Gateway and/or Azure Firewall options into the cost estimator.


Comments (3 comments)

Dave Stephenson

Welcome to the community, Steven Utley 🙂!

Excellent suggestion.

I like seeing these suggestions for the cost estimator. Anything we can do to get the best estimate of our costs up front makes it that much easier to sell.
Where Microsoft is going to be requiring public IPs in the near future (I couldn't find the link to the article where it talked about it 😞), utilizing something like NAT Gateway is going to be the most cost-effective and minimal administrative way to handle this for AVDs.

Gido Veekens

Hi Steven Utley & Dave Stephenson. Great suggestion. In general, we don't include anything in Cost Estimator if we don't support the actual deployment/management from the product. That being said, we're always open to consider adding components that are actually being used. With the upcoming change that Dave refers to it's something we're looking into. For clarity, Microsoft has announced that VMs will not have outbound internet access by default starting September 2025. For more information: https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access/

That means that we're investigating which options we should provide for deployment/management and Cost Estimator going forward. Which leads to some questions. Assuming that the majority of environment do need outbound internet access, what do use for customers today (besides the default outbound access) and what do you plan to use with this upcoming change in mind? Do you manage environments where outbound internet connectivity is NOT a requirement?

Your feedback on this topic is much appreciated, thank you!

Peter Yasuda

We've been including NAT gateways in all proposals, because the cost is not high, and there's a fair chance some day they're going to need a static source IP because someone is only allowing permitted IP addresses. 


Please sign in to leave a comment.