Azure-docs: NSG allowed on Gateway subnet but Portal says not?

Created on 12 Oct 2018 · 6 Comments · Source: MicrosoftDocs/azure-docs

You can only deploy an Application Gateway into the subnet of type 'Gateway'. But on a Gateway Subnet, the option to configure an NSG is locked with a tooltip saying: "Assigning a network security group to a gateway subnet is not supported as virtual network gateway management and gateway connectivity may fail."
Am I missing something here?



application-gatewasvc cxp in-progress product-question triaged


All 6 comments

@mrdfuse App Gateways do not have the restriction of being deployed into gateway subnet, and you can put NSGs on the App Gateway Subnets.

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

@TravisCragg-MSFT This is a valid issue (could be a bug but not a documentation issue). Your documentation says it is valid but the UI (Portal) does not allow us to assign an NSG to it.


My issue was about putting an NSG on a subnet created for an Application Gateway. My mistake was that I made the subnet of type Gateway, which is not necessary for an Application Gateway. In that respect Travis was right.

I'm not sure if your comment is relevant here, or even correct. If you have the same issue as me, try without creating a gateway subnet, but instead create a normal subnet for your Application Gateway.

@mrdfuse In my case I consciously wanted the gateway subnet to have the NSG as I need to whitelist some IPs. I believe the document is correct, so yes, I suppose this issue being closed is accurate. The issue/bug is with the UI where it locks that and prevents users from assigning it.

The workaround for those who stumble across this issue is to use the CLI or Terraform to configure it, and you will be able to set the NSG on the gateway subnet.

@nloke Do you have an example or link to docs for how to do that?
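
For the CLI route asked about above, one way to attach an NSG with an IP allowlist to an Application Gateway's own ordinary (non-Gateway) subnet, as mrdfuse's fix suggests. This is an added example, not from the thread or from Microsoft's documentation; the resource names and IP ranges are constructed placeholders, and the GatewayManager rule on ports 65200-65535 assumes the v2 SKU. It prints the `az` commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: names and IPs are constructed placeholders (documentation ranges).
# Prints the az commands; set APPLY=1 to run them in a logged-in subscription.
RG="${RG:-rg-example}"
VNET="${VNET:-vnet-example}"
SUBNET="${SUBNET:-snet-appgw}"      # ordinary subnet dedicated to the Application Gateway
NSG="${NSG:-nsg-appgw}"
ALLOWED_SOURCES="${ALLOWED_SOURCES:-203.0.113.10 198.51.100.0/24}"

run() {  # echo the command, execute it only when APPLY=1
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

check_subnet_name() {  # GatewaySubnet is the reserved name for VPN/ExpressRoute gateways
  if [ "$1" = "GatewaySubnet" ]; then
    echo "refusing: '$1' is for virtual network gateways, not Application Gateway" >&2
    return 1
  fi
}

nsg_rule() {  # args: rule-name priority "source prefixes" "destination ports"
  # $3 is left unquoted on purpose so a space-separated list becomes several arguments.
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name "$1" --priority "$2" --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes $3 --source-port-ranges '*' \
    --destination-address-prefixes '*' --destination-port-ranges "$4"
}

apply_appgw_nsg() {
  check_subnet_name "$SUBNET" || return 1
  run az network nsg create --resource-group "$RG" --name "$NSG"
  # Assumption: v2 SKU, whose infrastructure traffic arrives from the
  # GatewayManager service tag on TCP 65200-65535. Blocking it breaks the gateway.
  nsg_rule AllowGatewayManager 100 GatewayManager 65200-65535
  nsg_rule AllowListedClients 110 "$ALLOWED_SOURCES" 443
  run az network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name "$SUBNET" --network-security-group "$NSG"
}

apply_appgw_nsg
```

No explicit deny rule is needed, because the NSG's default DenyAllInBound rule drops Internet sources that are not on the allowlist. The default AllowAzureLoadBalancerInBound rule should stay un-overridden so health probes keep working.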
