1

I'm using Azure API Management. Since APIM does not provide built in WAF, i'd like to use app gateway in front of APIM. According to the following article, it is possible. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway

But some of my APIM are Not integrated with VNet or integrated VNet as external. And i'd like to integrate those APIM with app gateway as well. So is this possible scenario or Do i need to migrate existing APIMs to internal VNet?

Thanks a lot.

Advices or documentations.

arnold park
  • 21
  • 3

1 Answers1

0

As per the Microsoft documentation Backend Pools of Application Gateway can contain public ip address, so for your external APIM you can specify the public IP of the APIM, in you Application Gateway backend Pool.

But this doesn't make any sense, because now you are planning to use the application gateway and it supports a way to expose your APIs even if it is in internal vnet mode. As a security point of view it is better to move external APIM to internal mode. If you want keep the external apim , then you have to find a way to restrict access to this external APIM only via application gateway, and all other direct access to APS should be blocked.

KSP
  • 127
  • 8