We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on Microsoft to protect the public-facing service, which removes all visibility and undermines our investment in our firewalls. (We considered deploying Azure as an extension of the DMZ protected by our on-prem firewalls, but for performance reasons decided against it for the moment.)
Has anyone else considered a similar deployment, and what have been your experiences?
Is PAN working on solutions to allow customers to somehow accommodate this scenario using their products/services?
I believe Azure supports standard IPsec site-to-site VPN, so what you can do is use a PAN firewall to terminate the VPN connection from the Azure cloud back to your main office. I have a customer that is deploying a similar solution, but using AWS instead of Azure.
This is essentially what we are doing; the challenge is that they want to connect to the Azure-hosted app directly via the MS cloud, and not via our PAN firewall. We obviously can't deploy our own VM PAN out in Azure, so I am looking for options.