Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.3.4. NAT Gateway
NAT Gateway provides outbound internet connectivity with consistent source IP addresses.
💡 First Principle: Without NAT Gateway, Azure VMs use ephemeral SNAT ports from Azure's pool. This can lead to port exhaustion under load and unpredictable source IPs. NAT Gateway solves both problems.
Capabilities:
| Feature | Value |
|---|---|
| SNAT ports per IP | 64,000 |
| Public IPs | Up to 16 (1M+ ports total) |
| Throughput | 100 Gbps |
| Idle timeout | Configurable 4-120 minutes |
When to Use NAT Gateway:
| Scenario | Without NAT Gateway | With NAT Gateway |
|---|---|---|
| Outbound IP predictability | Random Azure IPs | Your specific IPs |
| High outbound connections | SNAT exhaustion risk | 64K+ ports |
| Firewall allowlisting | Complex, dynamic | Simple, static CIDR |
Configuration:
- Create NAT Gateway
- Associate public IP(s) or prefix
- Associate with subnet(s)
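The three configuration steps above as Azure CLI commands. This is an added example, not part of the original page; the resource names (`rg-demo`, `vnet-demo`, `snet-app`, `natgw-demo`, `pip-natgw-demo`) and the two helper function names are hypothetical. It assumes the resource group, VNet and subnet already exist.

```shell
#!/usr/bin/env bash
# Added example: all resource names are hypothetical placeholders.

# deploy_nat_gateway RG VNET SUBNET NATGW PIP [IDLE_MINUTES]
deploy_nat_gateway() {
  local rg="$1" vnet="$2" subnet="$3" natgw="$4" pip="$5" idle="${6:-4}"

  # The page gives 4-120 minutes as the configurable idle timeout range;
  # defaulting to the lower bound is this example's choice.
  case "$idle" in
    ''|*[!0-9]*) echo "idle timeout must be an integer" >&2; return 2 ;;
  esac
  if [ "$idle" -lt 4 ] || [ "$idle" -gt 120 ]; then
    echo "idle timeout must be 4-120 minutes" >&2; return 2
  fi

  # Static Standard-SKU public IP: the fixed source address that remote
  # firewalls will allowlist.
  az network public-ip create --resource-group "$rg" --name "$pip" \
      --sku Standard --allocation-method Static || return 1

  # Steps 1 and 2: create the NAT gateway and associate the public IP.
  az network nat gateway create --resource-group "$rg" --name "$natgw" \
      --public-ip-addresses "$pip" --idle-timeout "$idle" || return 1

  # Step 3: associate the NAT gateway with the subnet.
  az network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
      --name "$subnet" --nat-gateway "$natgw" || return 1
}

# egress_ip RG PIP: print the address to hand to firewall allowlists.
egress_ip() {
  az network public-ip show --resource-group "$1" --name "$2" \
      --query ipAddress --output tsv
}

# Deploy only when run with "apply"; otherwise just define the functions.
if [ "${1:-}" = "apply" ]; then
  deploy_nat_gateway rg-demo vnet-demo snet-app natgw-demo pip-natgw-demo 10 &&
    egress_ip rg-demo pip-natgw-demo
fi
```

Run the script with the argument `apply` to deploy; the address printed at the end is the one to give to partners who allowlist by source IP.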
⚠️ Exam Trap: NAT Gateway takes precedence over other outbound methods (Load Balancer outbound rules, VM public IPs for outbound). It does NOT provide inbound connectivity.
Written by Alvin Varughese
Founder • 15 professional certifications