I am pretty new to this Palo cloud transit VNet idea. So please excuse me if this is a dumb question 🙂
I have been reading the design guides from Palo and that leads to this question.
As per the docs, we use a public load balancer to accept traffic from the internet and the firewall will destination NAT it to inside VMs. So the load balancer will get an Azure public IP. Any traffic that comes to that IP will be eventually routed to inside VM as per the NAT rules. But what if we have 100s of the different web application that needs access from the internet? Do we still have that one public IP assigned to the load balancer?
As an example, I am hosting 10 different web services and each needs access from outside. Which public IP will those different web service URLs will point to?
@a-techie When using a load balancer in front you have to either use different ports for each of your web server which likely would not be happening in a real scenario or you have to a create new load balancer for every webserver, that would mean 10 load balancers.
Application Gateway would be a better option, you get use 1 gateway for upto 5 domains I think, and you won't have to change front facing port, as an example all domains can have 80/443 from single gateway.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!