Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table Of Contents:
Overview:
This recommended read provides additional information for users with Sophos Firewall environments in Azure who may be affected by the retirement of Public IP Basic SKU.
Licensing Details:
Announcement link: https://azure.microsoft.com/en-ca/updates?id=upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired
Upgrade link: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance
- Standard SKU costs more than Basic SKU.
- Upgrading the current basic SKU is the simplest way to meet this requirement.
- The Public IP address needs to be disassociated and changed to static mode for the upgrade to succeed.
- An outage window will be required.
- An Azure VM can only be attached to only 1 type of SKU, either Basic or Standard, not both.
- That means two different public IP SKU types on the same interface, or one NIC associated with Basic SKU and another NIC associated with Standard SKU, is NOT permitted.
- The effect of this condition means all public IP SKUs need to be upgraded at the same time.
- A basic SKU does not require a Network Security Group (NSG) since access is open by default.
- The Standard SKU blocks inbound traffic and an NSG is required. If none is configured, traffic will be denied after upgrading from Basic to Standard SKU.
Edited Formatting
[edited by: Raphael Alganes at 11:41 AM (GMT -7) on 2 Apr 2025]
Quote