Protecting private clouds

Reply
Highlighted
KGC
L3 Networker

Protecting private clouds

We are in the process of testing the deployment of Internet-facing services into Azure, such that they are accessible from the public Internet via Azure but have a VPN connection back into our environment. Obviously in this scenario we must rely on Microsoft to protect the public-facing service, which removes all visibility and undermines our investment in our firewalls. (We considered deploying Azure as an extension of the DMZ protected by our on-prem firewalls, but for performance reasons decided against it for the moment.)

Has anyone else considered a similar deployment, and what have been your experiences?

Is PAN working on solutions to allow customers to somehow accommodate this scenario using their products/services?

L3 Networker

Re: Protecting private clouds

I believe Azure supports standard IPSec VPN site2site, so what you can do is to use PAN firewall to terminate the VPN connection from Azure cloud back to your main office. I have a customer that is deploying a similar solution, but using AWS instead of Azure.

KGC
L3 Networker

Re: Protecting private clouds

This is essentially what we are doing, the challenge is that they want to connect to the Azure-hosted app directly via the MS cloud, and not via our PAN firewall. We obviously can't deploy our own VM PAN out in Azure, so I am looking for options.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!