Share via

Is it possible to assign a static IP for Azure AI Hub

Harijs Ijabs (SA) 0 Reputation points
2025-03-11T14:46:14.4233333+00:00

Hi all!
I need advice on whether it is possible to configure a static outbound IP for an Azure Prompt Flow app created within an Azure AI Hub. I have tried creating virtual networks, setting outbound rules, creating gateways and endpoints for said VNs, but as of yet nothing has solved the situation.

I get as far as configuring a VN, assigning subnets and a public IP, but I hit a wall once I need to connect my Azure AI Hub instance to the created VN - I just can't find the option to make the connection between Hub and VN.

Why I am building this - I need a stable, static IP associated to my Prompt Flow project in order to make some firewall exceptions to access internal resources.

I would really appreciate help with these two questions:

  1. If what I am doing is actually possible
  2. If it is possible, how to achieve it

Thank you in advance!

Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
3,224 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinodh247 29,781 Reputation points MVP
    2025-03-11T16:22:07.3833333+00:00

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    ​Yes, it is possible to configure a static outbound IP address for an Azure Prompt Flow app within an Azure AI Hub. This setup allows your application to have a consistent IP address, which is essential for configuring firewall exceptions to access internal resources.​

    Steps to Achieve a Static Outbound IP Address:

    1. Enable Managed Virtual Network Isolation:
      • When creating or updating your Azure AI Hub, enable the managed VNet feature. This isolates your resources within a dedicated network environment.​
      • In the Azure portal, navigate to your AI Hub resource, select the "Networking" tab, and choose the appropriate isolation mode. For allowing internet outbound traffic, select "Private with Internet Outbound." ​
    2. Integrate with a Virtual Network (VNet):
      • Ensure that your AI Hub is connected to a VNet. This integration is crucial for controlling outbound traffic.​
      • If your AI Hub isn't already connected to a VNet, you can add a private endpoint to establish this connection. In the Azure portal, under your AI Hub's "Networking" settings, add a private endpoint and select the VNet and subnet you wish to connect to. ​
    3. Configure a NAT Gateway:
      • Deploy a Network Address Translation (NAT) Gateway within the VNet. The NAT Gateway allows you to specify a static public IP address for all outbound traffic from resources within the VNet.​
      • Associate the NAT Gateway with the subnet containing your AI Hub resources. This ensures that all outbound traffic from your Prompt Flow app uses the static IP address assigned to the NAT Gateway. ​
    4. Assign a Static Public IP Address:
      • When creating the NAT Gateway, assign a static public IP address. This IP will be used for all outbound traffic from your AI Hub resources.​
      • In the Azure portal, create a public IP address resource with the "Static" allocation method. Then, associate this IP address with your NAT Gateway.​

    Additional Considerations:

    • After setting up the static outbound IP, update your internal resources' firewall rules to allow traffic from this IP address.​
    • Ensure that the services and resources your Prompt Flow app interacts with support integration with VNets and NAT Gateways.​

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.