Quick Question about Azure AppGateway VM Series Deployment

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Quick Question about Azure AppGateway VM Series Deployment

L0 Member

We have an existing environment where Palo Alto VM Series was deployed by somebody who is no longer at the company.

I was told that it has never worked. Primary purpose of the firewall is to secure inbound web traffic.

Current configuration is:

 

AppGateway->LB->2 VM Series->ILB->Web Servers

 

VM Series VM's had 3 Network interfaces.

I can log into the management UI and see no configuration was done.

I noticed that AppGateway did not have a HTTPS listener so it only accepts HTTP traffic.

None of the subnets have any UDR's defined. 

 

Our requirements can be met by the template published here:

https://github.com/PaloAltoNetworks/azure-applicationgateway

This template eliminates Public LB in front of VM Series so traffic flows like this:

internet->AppGateway->2 VM Series->ILB->Web Servers 

 

What is the benefit of having public LB between AppGateway and the Firewall VM's

 

Even this template shows Application Gateway without HTTPS listener.

I am wondering why this is the case?

 

Thanks

 

1 accepted solution

Accepted Solutions

L5 Sessionator

If you are using an App gateway you don't need a public LB because the APP gateway is public facing. Just note that the App Gateway is for HTTP(S) traffic only. That being said it provides additional benefits such as WAF, SSL termination and decryption etc. 

View solution in original post

1 REPLY 1

L5 Sessionator

If you are using an App gateway you don't need a public LB because the APP gateway is public facing. Just note that the App Gateway is for HTTP(S) traffic only. That being said it provides additional benefits such as WAF, SSL termination and decryption etc. 

  • 1 accepted solution
  • 2738 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!