
We are trying to host multiple sites at the backend of Azure Firewall. However, we have about 30 different sites, each with their own test\dev and UAT site, which means 30 x 4 and 120 sites. Each one is hosted on port 443, all have their own public IP, and they are configured with a DNAT rule for directing the traffic based on the source to the correct backend. We have considered an Azure Application Gateway with host header redirect, but we haven't had a chance to implement it yet. I was wondering, is there a way to be cleverer and use Azure Firewall with fewer public IPs and route to various backends? Also, the prod public sites have no source specified, as they're open to the public.

Hope I've explained that clearly. Thanks

Norrin Rad

1 Answer


That's almost exactly what the Application Gateway is for:

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL.

Don't spend your resources reinventing the wheel. Use the Azure supplied wheel.

vidarlo
  • Thanks, I have thought that, but when the app gateway gets the request, will it route traffic to the firewall, and the request from the app gateway, which will be sending traffic to various backends, and within that packet will be the destination, and the firewall will route based on destination? Is that correct? – Norrin Rad Jun 16 '22 at 18:26
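
Added example, not part of the question, the answer or any Azure code: a small Python model of the host-header routing the answer describes, showing how the 30 x 4 host names from the question can share one public IP on port 443 while only prod stays open to any source. The domain `example.com`, the `siteNN` names, the `203.0.113.0/24` source range and the `10.x.x.10` backend addresses are all constructed assumptions, and how the source restriction is enforced in Azure is outside this sketch.

```python
import ipaddress

ENVS = ("prod", "test", "dev", "uat")                 # 4 environments per site
RESTRICTED = ipaddress.ip_network("203.0.113.0/24")   # constructed tester range


def build_routes(sites, domain="example.com"):
    """Map every site/environment host name to a backend and a source policy."""
    routes = {}
    for i, site in enumerate(sites):
        for j, env in enumerate(ENVS):
            host = f"{site}.{domain}" if env == "prod" else f"{site}-{env}.{domain}"
            routes[host] = {
                "backend": f"10.{j}.{i}.10",  # constructed private address
                # prod is open to the public; other environments are source-restricted
                "allowed": None if env == "prod" else [RESTRICTED],
            }
    return routes


def route(routes, host_header, client_ip):
    """Return (status, backend) for one request arriving on the shared IP:443."""
    # Host names are case-insensitive and may carry a port or a trailing dot.
    host = host_header.strip().lower().partition(":")[0].rstrip(".")
    entry = routes.get(host)
    if entry is None:
        return (404, None)   # unknown host: never fall through to some default backend
    if entry["allowed"] is not None:
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in net for net in entry["allowed"]):
            return (403, None)   # non-prod host requested from an unapproved source
    return (200, entry["backend"])


if __name__ == "__main__":
    routes = build_routes([f"site{n:02d}" for n in range(1, 31)])
    print(len(routes), "host names behind one public IP")
    samples = [  # constructed requests: (Host header, client IP)
        ("site01.example.com", "198.51.100.7"),
        ("SITE02-UAT.example.com:443", "203.0.113.9"),
        ("site02-uat.example.com", "198.51.100.7"),
        ("unknown.example.com", "203.0.113.9"),
    ]
    for host, src in samples:
        print(host, src, route(routes, host, src))
```

The 404 branch is the case worth checking on a real deployment: a request whose host name matches no rule should be rejected rather than handed to whichever backend happens to be the default.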