Forum Discussion
Ganesh1903
Sep 16, 2022, Copper Contributor
Azure landing Zone With Application GW and Azure Firewall
Hello Team, I have a query regarding the landing zone below. This is the proposed landing zone. We have an Application GW and Azure Firewall in the hub. We have web servers / app servers / database serv...
LukeJMadden
Apr 04, 2023, Brass Contributor
Hello Ganesh,
In your proposed landing zone, if the web server traffic needs to go to the internet, it would be routed through the Azure Firewall in the hub. You can use Azure Firewall's network rules to allow outbound traffic from the web servers in the spoke to the internet via the Azure Firewall in the hub. In addition, you can use application rules to allow or deny specific traffic based on FQDN, IP address range, port, and protocol.
As for best practices, it depends on your specific requirements and the services you are using. However, some general best practices for landing zones in Azure include:
Using a hub-and-spoke topology to isolate critical services and resources from each other.
Deploying infrastructure as code using tools such as Azure Resource Manager (ARM) templates or Terraform.
Implementing security controls such as network security groups (NSGs), Azure Firewall, Azure DDoS Protection, and Azure Security Center.
Using Azure Monitor and Azure Log Analytics to monitor and analyze resource health and performance.
Implementing identity and access management (IAM) controls such as RBAC and Azure AD.
I hope this helps! Let me know if you have any further questions.
Cheers,
Luke Madden
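As an added illustration of the routing and rule setup Luke describes (this is example Terraform, not code from the thread or from Microsoft), the snippet below forces the spoke web subnet's default route through the hub Azure Firewall with a user-defined route, then attaches a firewall policy with one network rule collection (IP/port/protocol) and one application rule collection (FQDN-based). The firewall private IP 10.0.1.4, the web subnet prefix 10.1.1.0/24, the allowed destination FQDNs, and all resource names and variable values are assumptions chosen for the example; replace them with your own.

```hcl
# Example only: assumed values, not taken from the forum thread.
variable "resource_group_name" { default = "rg-landingzone-example" }
variable "location"            { default = "westeurope" }
variable "web_subnet_id"       { description = "ID of the spoke web subnet" }
variable "firewall_private_ip" { default = "10.0.1.4" }   # hub Azure Firewall (assumed)
variable "web_subnet_prefix"   { default = "10.1.1.0/24" } # spoke web tier (assumed)

# 1. User-defined route: send all spoke egress to the hub firewall.
#    Without this, spoke VMs would use the default system route to the internet.
resource "azurerm_route_table" "web" {
  name                          = "rt-spoke-web"
  location                      = var.location
  resource_group_name           = var.resource_group_name
  disable_bgp_route_propagation = true # keep VPN/ER-learned routes from bypassing the firewall

  route {
    name                   = "default-to-hub-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = var.firewall_private_ip
  }
}

resource "azurerm_subnet_route_table_association" "web" {
  subnet_id      = var.web_subnet_id
  route_table_id = azurerm_route_table.web.id
}

# 2. Firewall policy that the hub Azure Firewall is attached to.
resource "azurerm_firewall_policy" "hub" {
  name                = "fwpol-hub"
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "Standard"
}

# 3. Rules: network rules match on IP/port/protocol; application rules match on FQDN.
#    Everything not explicitly allowed is dropped by the firewall's implicit deny.
resource "azurerm_firewall_policy_rule_collection_group" "spoke_egress" {
  name               = "rcg-spoke-egress"
  firewall_policy_id = azurerm_firewall_policy.hub.id
  priority           = 500

  network_rule_collection {
    name     = "nrc-web-dns-ntp"
    priority = 400
    action   = "Allow"

    rule {
      name                  = "allow-dns-ntp-out"
      protocols             = ["UDP"]
      source_addresses      = [var.web_subnet_prefix]
      destination_addresses = ["*"] # example: narrow to your resolvers / NTP servers
      destination_ports     = ["53", "123"]
    }
  }

  application_rule_collection {
    name     = "arc-web-allowed-fqdns"
    priority = 500
    action   = "Allow"

    rule {
      name = "allow-update-endpoints"
      protocols {
        type = "Https"
        port = 443
      }
      source_addresses  = [var.web_subnet_prefix]
      destination_fqdns = ["*.ubuntu.com", "packages.microsoft.com"] # assumed allow-list
    }
  }
}
```

Two points worth checking once this is deployed: confirm the effective routes on a web-tier NIC show 0.0.0.0/0 with next hop 10.0.1.4 rather than "Internet", and send the firewall's AzureFirewallNetworkRule and AzureFirewallApplicationRule logs to the Log Analytics workspace so denied egress from the spoke is visible.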