Azure – You can now use FQDN name to define your Local Network Gateway

As you know, you can set up a Site-to-Site VPN between your on-premises infrastructure and Azure.

This VPN connectivity involves the creation of a Local Network Gateway (LNG).

Until now, you had to configure a public IP for your LNG.

Well, good news: you can now use a Fully Qualified Domain Name (FQDN) instead of the public IP. This is quite handy if you have to connect branch offices which may use a dynamic public IP.

To start using this new capability, log on to your Azure portal and create a new LNG.


Then you can switch the endpoint definition to FQDN.



Keep the following limitations in mind:

  • Only 1 public IP is supported when using FQDN. If the FQDN resolves to multiple IPs, Azure VPN will use the first IP returned.
  • Azure VPN caches the DNS resolution for 5 minutes, which may lead to a temporary disconnection when the public IP is updated.
  • The gateway tries to resolve the FQDN only for disconnected tunnels (or if you reset the gateway).
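The same LNG creation done from Az PowerShell, with a pre-flight DNS check for the limitations above. This is an added example, not code from the post; it assumes the Az.Network module is installed and you are already signed in, that the installed module version exposes the -Fqdn parameter on New-AzLocalNetworkGateway, and all resource names, the branch FQDN and the address prefix are constructed placeholders.

```powershell
# Added example (not from the original post). Assumes Az.Network is installed,
# Connect-AzAccount has been run, and New-AzLocalNetworkGateway accepts -Fqdn.
param(
    [string]$ResourceGroup    = 'rg-vpn-example',           # constructed placeholder
    [string]$Location         = 'westeurope',               # constructed placeholder
    [string]$LngName          = 'lng-branch-example',       # constructed placeholder
    [string]$BranchFqdn       = 'branch01.vpn.example.com', # constructed placeholder
    [string[]]$BranchPrefixes = @('10.50.0.0/16')           # constructed placeholder
)

# Limitation 1: only one public IP is used. If the name resolves to several
# A records, Azure VPN takes the first one returned, so flag that before
# creating the LNG instead of discovering it as a tunnel that never comes up.
$aRecords = @(Resolve-DnsName -Name $BranchFqdn -Type A -ErrorAction Stop |
              Where-Object { $_.Type -eq 'A' })

if ($aRecords.Count -eq 0) {
    throw "No A record for $BranchFqdn; the gateway cannot build a tunnel to an unresolvable name."
}
if ($aRecords.Count -gt 1) {
    $msg = '{0} resolves to {1} addresses; Azure VPN will only use the first one ({2}). Publish a single record.' `
           -f $BranchFqdn, $aRecords.Count, $aRecords[0].IPAddress
    Write-Warning $msg
}

# Limitations 2 and 3: the gateway caches the answer for 5 minutes and only
# re-resolves for disconnected tunnels, so a low TTL on the branch record does
# not make failover faster than that. Show the TTL so the operator knows.
$ttlMsg = 'Record TTL is {0}s; Azure VPN re-resolves at most every 5 minutes, and only for disconnected tunnels.' `
          -f $aRecords[0].TTL
Write-Host $ttlMsg

# Create the LNG by name instead of by public IP.
$lng = New-AzLocalNetworkGateway -Name $LngName -ResourceGroupName $ResourceGroup `
           -Location $Location -Fqdn $BranchFqdn -AddressPrefix $BranchPrefixes

# Show what was created; GatewayIpAddress stays empty for an FQDN-based LNG.
$lng | Select-Object Name, Fqdn, GatewayIpAddress, ProvisioningState
```

When the branch IP changes, expect the tunnel to stay down for up to the 5-minute cache window before the gateway re-resolves and reconnects.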
Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years: currently MVP on Office 365, after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) and online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.