Quick Question about Azure AppGateway VM Series Deployment


L0 Member

We have an existing environment where Palo Alto VM Series was deployed by somebody who is no longer at the company.

I was told that it has never worked. Primary purpose of the firewall is to secure inbound web traffic.

Current configuration is:

 

AppGateway->LB->2 VM Series->ILB->Web Servers

 

VM Series VMs had 3 network interfaces.

I can log into the management UI and see no configuration was done.

I noticed that AppGateway did not have an HTTPS listener, so it only accepts HTTP traffic.

None of the subnets have any UDRs defined.

 

Our requirements can be met by the template published here:

https://github.com/PaloAltoNetworks/azure-applicationgateway

This template eliminates Public LB in front of VM Series so traffic flows like this:

internet->AppGateway->2 VM Series->ILB->Web Servers 

 

What is the benefit of having a public LB between AppGateway and the firewall VMs?

 

Even this template shows Application Gateway without HTTPS listener.

I am wondering why this is the case?

 

Thanks

 

1 accepted solution

Accepted Solutions

L5 Sessionator

If you are using an App Gateway, you don't need a public LB because the App Gateway is public facing. Just note that the App Gateway is for HTTP(S) traffic only. That being said, it provides additional benefits such as WAF, SSL termination and decryption, etc.
