Multiple public IP support in Microsoft Azure is currently in public preview, the last step towards general availability. Any Microsoft Azure customer can directly sign up to access this upcoming feature by following steps provided in the following link: https://docs.microsoft.com/en-us/azure/virtual-net
As a reminder, multiple public IP support allows you to assign one/more public IP(s) to any interface (NIC) of the VM-Series instance in Azure, eliminating the current need for a NAT VM for some deployment scenarios.
The steps in the link above also provides access to Azure Load Balancer enhancements that will allows traffic to be distributed across any IP address of any interface of the VM-Series, (i.e. Azure Load Balancer does not target eth0 only any longer). For more details on how to scale out security to protect web applications using VM-Series and Application Gateway: https://github.com/PaloAltoNetworks/azure-applicat
Once you start using the multiple public IP feature, a NAT VM is not required in front of any Internet facing use cases as was previously needed. If you are using a NAT VM then you can reassign the NAT VM’s public IP directly on the VM-Series firewall public facing interface in the Azure Portal. For example, one or more public IP’s can be the untrust interface (eth1) in the diagram below.
Now multiple services or applications can be hosted from the same interface, or from separate interfaces. For example, application 1 is served from the VM-Series eth1 interface, and application 2 can be served from eth2 interface. For highly available designs and scalability, it is recommended to use Azure-native load balancers like Azure Application Gateway or Azure Load Balancer, as discussed here.