Reputation: 1
We have a Premium Azure Front Door (AFD) instance and a private Windows VM deployed in its own VNET, acting as a web server. Due to company policies, we cannot assign a public IP to the VM.
Currently, the VM is behind an Application Gateway + WAF, which we plan to retire for a full transition to AFD. However, I’m stuck at the origin group stage because:
There's no built-in origin type for VMs in AFD. A custom origin requires a public IP, which we cannot provide. Is there a way to configure AFD to route traffic to this private VM without deploying a Load Balancer/App Gateway into the vnet? Any workarounds or best practices would be greatly appreciated.
MS documentation was of no help
Upvotes: 0
Views: 59
Reputation: 1419
Front Door will need to be able to communicate with the VM in order to serve traffic. The VM will have to be exposed to serve traffic somehow. That can be a public IP assigned to the VM, a load balancer, or an application gateway.
Exposing a public IP on the VM would be simplest, but if your company forbids it, I suspect it's for security reasons and they want to have some sort of WAF to secure traffic. Front Door can provide a WAF and keep the VM secure if you restrict VM traffic to the Front Door servers.
Exposing a load balancer would be the next simplest option, but it won't provide much more security than a public IP.
Upvotes: 0
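The answer above says to restrict the VM's traffic to the Front Door servers. The following is an added example (not code from the question or answer) of what that restriction looks like at the origin, in two layers: a network rule that only admits the Azure Front Door backend address space (in Azure that is an NSG rule using the `AzureFrontDoor.Backend` service tag; the CIDR list in the code is a constructed stand-in for it), and an application-layer check of the `X-Azure-FDID` header, which Front Door adds to every request it forwards and which carries the profile's own ID. The second layer matters because the backend address space is shared by every Front Door tenant; without the header check, someone else's Front Door profile could be pointed at your origin. The profile ID, the sample ranges and the sample requests are all assumed values.

```python
"""Origin-side check that a request arrived via *our* Azure Front Door.

Added example, not from the original post. Layers:
  1. Network: only the AzureFrontDoor.Backend address space may reach the VM.
     In Azure this is an NSG rule, e.g. (one way to express it with the CLI):
       az network nsg rule create --resource-group <rg> --nsg-name <nsg> \
         --name AllowFrontDoor --priority 100 --direction Inbound --access Allow \
         --protocol Tcp --destination-port-ranges 443 \
         --source-address-prefixes AzureFrontDoor.Backend
     FRONT_DOOR_RANGES below is a constructed stand-in for that service tag.
  2. Application: X-Azure-FDID must equal our Front Door profile ID, since the
     backend address space is shared by every Front Door customer.
"""
import hmac
import ipaddress
from typing import Dict, Tuple

# Constructed stand-in ranges (RFC 5737 / RFC 3849 documentation space).
# The real ranges are published in the Azure service tag download; do not
# hard-code them in production, let the NSG service tag do this job.
FRONT_DOOR_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:fd00::/48"),
]

# Assumption: our Front Door profile ID (shown on the profile overview page).
EXPECTED_FDID = "11111111-2222-3333-4444-555555555555"


def from_front_door_network(remote_ip: str) -> bool:
    """True if the TCP peer address lies inside the Front Door backend ranges."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in FRONT_DOOR_RANGES)


def from_our_front_door(headers: Dict[str, str], expected_fdid: str = EXPECTED_FDID) -> bool:
    """True if X-Azure-FDID (case-insensitive header name) matches our profile ID."""
    fdid = next((v for k, v in headers.items() if k.lower() == "x-azure-fdid"), "")
    # Constant-time compare; the ID is not a secret in the cryptographic sense,
    # but this avoids leaking how many leading characters an attacker guessed.
    return hmac.compare_digest(fdid.strip().lower(), expected_fdid.lower())


def allow_request(remote_ip: str, headers: Dict[str, str],
                  expected_fdid: str = EXPECTED_FDID) -> Tuple[bool, str]:
    """Both layers must pass; the header alone is trivially spoofable by anyone
    who can reach the VM, and the network alone admits every Front Door tenant."""
    if not from_front_door_network(remote_ip):
        return False, "source address not in Front Door backend space"
    if not from_our_front_door(headers, expected_fdid):
        return False, "missing or foreign X-Azure-FDID"
    return True, "ok"


def front_door_only(app):
    """WSGI middleware: 403 anything that did not come through our Front Door."""
    def wrapped(environ, start_response):
        headers = {k[5:].replace("_", "-"): v
                   for k, v in environ.items() if k.startswith("HTTP_")}
        ok, reason = allow_request(environ.get("REMOTE_ADDR", ""), headers)
        if not ok:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [reason.encode()]
        return app(environ, start_response)
    return wrapped


# Constructed sample requests: (label, peer IP, headers)
SAMPLE_REQUESTS = [
    ("via our Front Door", "192.0.2.10", {"X-Azure-FDID": EXPECTED_FDID}),
    ("direct from internet, header spoofed", "198.51.100.7", {"X-Azure-FDID": EXPECTED_FDID}),
    ("another tenant's Front Door", "192.0.2.20", {"x-azure-fdid": "99999999-0000-0000-0000-000000000000"}),
    ("Front Door space, header stripped", "2001:db8:fd00::1", {}),
]


def audit(requests=SAMPLE_REQUESTS):
    """Return [(label, allowed, reason)] for a batch of requests."""
    return [(label, *allow_request(ip, hdrs)) for label, ip, hdrs in requests]


if __name__ == "__main__":
    for label, allowed, reason in audit():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label}: {reason}")
```

On a Windows origin served by IIS the same header check is usually expressed as a URL Rewrite rule that rejects requests whose `X-Azure-FDID` does not match; the logic is identical to `from_our_front_door` above.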