Azure NAT Gateway
Provide highly reliable, secure, and scalable outbound connectivity to the internet.
Simplify outbound internet connectivity for virtual networks
NAT Gateway is a fully managed service that securely routes internet traffic from a private virtual network with enterprise-grade performance and low latency. With built-in high availability using software-defined networking, you can easily configure, scale, and deploy outbound connectivity for dynamic workloads with NAT Gateway.
Easily configure and deploy outbound connectivity with just a few clicks of a button.
Automatically scale outbound connectivity for dynamic and large-scale workloads.
Control your outbound network traffic and keep your virtual network resources private and secure.
Get high availability and robust performance that doesn’t impact the network bandwidth of your compute resources.
Simplify the way you connect to the internet
Start securely connecting outbound to the internet with enterprise-grade performance and low latency by deploying a NAT (network address translation) gateway resource. With just a few clicks of a button, assign your NAT gateway to subnets within a single virtual network and static public IP addresses. NAT Gateway assumes the default route to the internet once configured to a subnet, with no traffic routing configurations required.
Scale outbound connectivity easily and dynamically
Scale out internet connectivity for your virtual networks and avoid common connection issues such as SNAT (source network address translation) port exhaustion. Assign multiple public IP addresses or prefixes to a NAT gateway resource to automatically scale outbound connectivity. All SNAT ports provided by NAT gateway public IPs are available on-demand to subnets attached to NAT gateway.
Keep your private network resources private
When you associate a NAT gateway resource to subnets in a virtual network, compute resources don’t need public IP addresses to connect to the internet and can remain private. Internet-originated traffic cannot pass inbound through a NAT gateway; only outbound and response traffic is allowed.
Enable enterprise-grade performance and low latency
NAT Gateway is a software-defined networking service fully managed by Azure. It has built-in redundancy to ensure high availability and resiliency to service outages. NAT Gateway does not count toward the network bandwidth of your private network compute resources and will not impact their performance.
Comprehensive security and compliance, built in
Microsoft invests more than $1 billion annually on cybersecurity research and development.
We employ more than 3,500 security experts who are dedicated to data security and privacy.
Deliver high-performance, scalable internet connectivity from your virtual network
NAT Gateway pricing
- No upfront cost
- No termination fees
Get started with an Azure free account
After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.
Documentation and learning resources
Frequently asked questions about NAT Gateway
Azure Network Address Translation (NAT) Gateway is a fully managed and highly resilient NAT service that provides outbound connectivity to the internet through the deployment of a NAT gateway resource.
NAT Gateway is available in all Azure public clouds, Azure Government, and the Azure China region.
Assign your NAT gateway resource to one or more subnets in a virtual network and add at least one public IP address or prefix.
You can use up to 16 public IP addresses in any combination of prefixes and addresses with a single NAT gateway resource.
No, a NAT gateway resource cannot span multiple virtual networks.
With its on-demand allocation of SNAT ports for connecting outbound, NAT Gateway significantly reduces the risk of SNAT port exhaustion.