Reputation: 79
Azure Front Door behind a NGFW
We are looking to deploy a web application to an App Service behind Azure Front Door (AFD) and have a security requirement to have a seperate NGFW as the entry point so the solution will be "NGFW on VM" > AFD > App Service.
We are doing some analysis if we can change the solution to "NGFW on VM" > App Service instead but as we wish to use the routing functionality in AFD I also wish to confirm if "NGFW on VM" > AFD > App Service is supported by AFD.
Thanks, Lastbuilders
Upvotes: 0
Views: 230
Answers (1)
Reputation: 733
Azure Front Door does not care what you put in front as long as its IP/DNS capabilities are met, but running a FW on a single VM and then passing it to AFD seems like a very backwards of doing things.
AFS is globally distributed platform and has a built in Web Application Firewall service that can be used and works great deployed globally.
Channeling all the traffic through a VM based Firewall will defeat many of the AFD features like fastest routing to closest host etc, and also you need to make some complex configuration to handle your name resolution etc.
You will then need to use something like traffic manager to ensure correct routing to your entry firewalls and then have AFD behind that but unless you deploy a very large amount of firewalls it will severely the use of AFD as it will be very suboptimal since all your traffic comes from a single source
Upvotes: 0
Related Questions
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Azure Front Door in the front of Application Gateway
- Allow only traffic from Front End to ADF front door
- Problems using App Gateway as Origin with Azure Frontdoor Premium (Preview)
- How to use Azure Frontdoor with gRPC?
- Azure FrontDoor Priority
- Use Azure Front Door to serve a SPA
- Routing to multiple Web Apps behind Azure Front Door
- Restrict App Services to Front Door using Service tag and not IP
- Azure Front Door keep custom URL in redirects