topic Re: Protecting private clouds in General Topics

Protecting private clouds

KGC — Tue, 29 Oct 2013 16:05:30 GMT

We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on Microsoft to protect the public-facing service, which removes all visibility and undermines our investment in our firewalls. (We considered deploying Azure as an extension of the DMZ protected by our on-prem firewalls, but for performance reasons decided against it for the moment.)

Has anyone else considered a similar deployment, and what have been your experiences?

Is PAN working on solutions to allow customers to somehow accommodate this scenario using their products/services?

Re: Protecting private clouds

Retired Member — Tue, 29 Oct 2013 21:36:22 GMT

I believe Azure supports standard IPSec VPN site2site, so what you can do is to use PAN firewall to terminate the VPN connection from Azure cloud back to your main office. I have a customer that is deploying a similar solution, but using AWS instead of Azure.

Re: Protecting private clouds

KGC — Wed, 30 Oct 2013 15:20:16 GMT

This is essentially what we are doing, the challenge is that they want to connect to the Azure-hosted app directly via the MS cloud, and not via our PAN firewall. We obviously can't deploy our own VM PAN out in Azure, so I am looking for options.