1

We are about to move our company's internal web app and samba shares from a datacenter to Azure. All our locations have a VPN connection to that data center.

Instead of creating all new connections to Azure, would it be "safe" to simply use Azure's VNET Gateway's firewall and simply whitelist our location's static IPs?

Meaning, would it be easy for a data breech to happen?

SMB and HTTP are booth over SSL. To my understanding, even if an IP was spoofed, the hacker would still not be able to get in.

It seems like a VPN isn't really necessary if the firewall deny's all accept for specific IPs and specific ports.

Chemdream
  • 93
  • 1
  • 9
  • What I found so far: In person answers from security experts, so far, all have stated that a strong firewall with default deny all and whitelisted IPs for the rest, is totally fine. As long as all traffic is encrypted. Online answers, from sites like this, mostly state that I need VPN. I'm not saying either is correct. Just my findings so far. – Chemdream Dec 21 '18 at 19:31

0 Answers0