Azure – You can now use FQDN name to define your Local Network Gateway

As you know, you can set up a Site-to-Site VPN between your on-premises infrastructure and Azure.

This VPN connectivity involves the creation of a Local Network Gateway (LNG).

Until now, you had to configure a public IP for your LNG.

Well, good news you can now use a Fully Qualified Domain Name (FQDN) instead of the public IP. This is quite handy if you have to connect branch offices which may use a dynamic public IP.

To start using this new capability, log on to your Azure portal and create a new LNG.


Then you can switch to FQDN for the endpoint definition.

  • Only one public IP is supported when using an FQDN. If the FQDN resolves to multiple IPs, Azure VPN uses the first IP returned.
  • Azure VPN caches the DNS resolution for 5 minutes, which may lead to a temporary disconnection when the public IP is updated.
  • The gateway only tries to resolve the FQDN for disconnected tunnels (or when you reset the gateway).
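An added example that is not part of the original post: it creates the LNG from the Azure CLI with an FQDN instead of a public IP and, because of the first caveat above, first checks that the name resolves to exactly one IPv4 address. The resource group, gateway name, FQDN, address prefix and the `--fqdn` flag of `az network local-gateway create` are assumptions, not values from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed names: rg-vpn,
# lng-branch01, branch01.vpn.example.com, 10.20.0.0/16, and the --fqdn
# flag of `az network local-gateway create`.

# Count distinct IPv4 addresses in resolver output given as one entry per
# line (the shape printed by `dig +short A`). CNAME targets are ignored.
count_a_records() {
  printf '%s\n' "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u | wc -l | tr -d ' '
}

# Returns 0 when the FQDN is suitable for an LNG (exactly one A record),
# 1 when it resolves to several addresses (Azure VPN would silently use only
# the first one) or to nothing at all.
check_lng_fqdn() {
  local fqdn="$1" records="$2" n
  n=$(count_a_records "$records")
  if [ "$n" -eq 1 ]; then
    return 0
  fi
  echo "warning: $fqdn resolves to $n IPv4 addresses; Azure VPN only uses the first one" >&2
  return 1
}

# Resolve the name live, run the check, then create the LNG with --fqdn
# instead of --gateway-ip-address (assumed flag; requires the az CLI).
create_lng_fqdn() {
  local fqdn="$1"
  check_lng_fqdn "$fqdn" "$(dig +short A "$fqdn")" || return 1
  az network local-gateway create \
    --resource-group rg-vpn \
    --name lng-branch01 \
    --location westeurope \
    --fqdn "$fqdn" \
    --local-address-prefixes 10.20.0.0/16
}

# Constructed resolver outputs so the check can be exercised without DNS.
SAMPLE_SINGLE='203.0.113.10'
SAMPLE_MULTI='branch01.cdn.example.net.
203.0.113.10
203.0.113.11'
```

Run `create_lng_fqdn branch01.vpn.example.com` in an authenticated az session; the second caveat still applies, so expect up to five minutes of downtime after the branch's public IP changes.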
