NATing Public IP to Primary Private IP as Part of a Blueprint

Updated by @KeithResar on Sep 02, 2015
Article Code: kb/692


When designing Blueprints using the Blueprint Designer there is a temping task available called add public ip address.

Blueprint Designer

When executing this task the following happens:

  • An additional private IP address is assigned to the server.
  • This new private IP address receives a public NAT.
  • Only specific ports can be enabled through the dialogue.
  • The default egress IP continues to be an un-NATed primary private IP.

Desired Behavior

Many customers designing Blueprints desire the following behavior:

  • NAT public IP address to their existing primary IP address
  • Permit traffic with destined towards arbitrary ports


This is solved by including one of the following packages in your Blueprint instead of the tempting, but likely unwanted, add public ip address task.

Specify the ports to open as a Design Time parameter and use the following port/protocol syntax:

  • Single port - 80/tcp 443/tcp 53/udp
  • Port range - 1-1024/tcp

Specify multiple port/protocol tuples with space delimiters.

Blueprint Designer