Creating a multi-site listener for an Azure Application Gateway

If you’re trying to create a multi-site listener for an Azure Application Gateway, you may have run into an error telling you that two listeners cannot share an identical configuration. According to the documentation this is possible, so what’s going on?

Background

Using a multi-site listener gives us the option to publish multiple websites (or back-end pools) using the same IP address / Port / Certificate combo.

This is especially useful if you’re using a wildcard certificate and want to save on IP addresses.

Instead of using a different IP or port, we use a different host (URL) for each pool.

How multi-site listeners work

A multi-site listener does not provide support for multiple sites; it provides support for one site. By using a combination of multi-site listeners, we can provide support for multiple sites.

The Problem

When we create the second listener, we need to select a combination of settings, which will essentially be the same as the previously created listener just with a different host.

At this point though, we still do not have a rule, nor can we create one because the rule will need to be associated with the listener (which does not exist yet).

This creates a problem, as Azure will not allow us to create an identical listener and returns an error specifying that the Frontend IP Configuration cannot be the same.

The Workaround

I’m avoiding the word solution here because to me this feels like a workaround. Also, using the CLI should allow us to get this configured with no issues.

In any case, if you’re using the portal and wish to get this configured, create a new port configuration during the creation of the second listener. I created mine with the name temp and port 4443 (as I was using a certificate, I had to use a port that was recognized as HTTPS).

After the listener is created, proceed to create the matching rule. (I already had the back-end pools created at this point.)

When all configuration is in place, go back to the listener and change the port to match your need (in my case, 443), and Azure should let you finalize the configuration with no issues.

NOTE: You can keep doing this using the same temp port you created to add more sites.
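A check to run once the workaround is finished, as an added example that is not part of the original post: it reads a gateway definition and reports listeners that are still bound to the temporary port, as well as listeners that share the same frontend IP, port and host. The sample gateway is constructed and assumes the field names returned by `az network application-gateway show`; every resource name other than temp is hypothetical.

```python
from collections import defaultdict


def listener(name, host, port_name, ip_name="public"):
    """Build a listener entry holding only the fields the audit reads."""
    return {
        "name": name,
        "hostName": host,
        "frontendIPConfiguration": {"id": f"/placeholder/frontendIPConfigurations/{ip_name}"},
        "frontendPort": {"id": f"/placeholder/frontendPorts/{port_name}"},
    }


# Constructed sample: two sites already moved to 443, one left on the temp port.
SAMPLE_GATEWAY = {
    "frontendPorts": [{"name": "https443", "port": 443}, {"name": "temp", "port": 4443}],
    "httpListeners": [
        listener("site-a", "a.example.com", "https443"),
        listener("site-b", "b.example.com", "https443"),
        listener("site-c", "c.example.com", "temp"),
    ],
}


def audit_listeners(gateway, temp_port_name="temp"):
    """Return (finding, listener_name) tuples for listeners that need attention."""
    findings = []
    hosts_seen = defaultdict(set)  # (frontend IP, frontend port) -> host names in use
    for lis in gateway["httpListeners"]:
        ip = lis["frontendIPConfiguration"]["id"].rsplit("/", 1)[-1]
        port = lis["frontendPort"]["id"].rsplit("/", 1)[-1]
        host = (lis.get("hostName") or "").lower()  # host names are case-insensitive
        if port == temp_port_name:
            # The workaround was started but the port was never switched back.
            findings.append(("still-on-temp-port", lis["name"]))
        if host in hosts_seen[(ip, port)]:
            # Same IP, port and host as an earlier listener: the identical
            # configuration that Azure refuses to create.
            findings.append(("same-ip-port-host", lis["name"]))
        hosts_seen[(ip, port)].add(host)
    return findings


if __name__ == "__main__":
    for finding, name in audit_listeners(SAMPLE_GATEWAY):
        print(f"{name}: {finding}")
```

To run it against a real gateway, load the JSON saved from `az network application-gateway show` with `json.load` and pass the resulting dictionary to `audit_listeners`.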

Hope you found this helpful!
