After some more research and testing it turns out we can support the use case where you want to reuse an associated IP address that already has port 22 or 5985 forwarded, by using a random public port.
The correct port to open in the firewall is different for the type of firewall used. The standard firewall requires the public port to be opened and the network ACL requires the private port to be opened.
So by partially reverting this code and updating which ports to open in which cases, we can support all use cases again.
This is meant to be a gentle solution for a very specific use case, but is causing more issues then it solves.
If you have a port conflict when trying to use an already associated public IP, the easiest way around it is to let the builder associate a new temporary public IP address.
Sander van Harmelen
nyankichi820