cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Home

Internet Traffic Flow for Web App Server in Microsoft Azure and placement of NVA & App Gateway

%3CLINGO-SUB%20id%3D%22lingo-sub-866644%22%20slang%3D%22en-US%22%3EInternet%20Traffic%20Flow%20for%20Web%20App%20Server%20in%20Microsoft%20Azure%20and%20placement%20of%20NVA%20%26amp%3B%20App%20Gateway%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-866644%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20All%2C%3C%2FP%3E%3CDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EI%60m%20trying%20to%20implement%20Traffic%20Manager%2C%20application%20gateway%20and%20Fortigate%20Firewall.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EHowever%2C%20not%20sure%20what%20Is%20the%20right%20flow%20after%20Traffic%20Manager%20i.e.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EExample%3A%20Accessing%20a%20Web%20Server%20via%20Internet%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EInternet%20----%26gt%3BTraffic%20Manager%20----%26gt%3B%20Azure%20App%20Gateway%20----%26gt%3B%20Fortigate%20Firewall%20----%26gt%3B%20Target%20Web%20VM%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EOr%2C%20replace%20Azure%20App%20Gateway%20with%20Fortigate%20Firewall%20i.e.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EInternet%20----%26gt%3BTraffic%20Manager%20----%26gt%3B%20Fortigate%20Firewall%20----%26gt%3B%20Azure%20App%20Gateway----%26gt%3B%20Target%20Web%20VM%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EKindly%20help%20to%20understand%20the%20network%20flow.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-866644%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EVirtual%20Network%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-867313%22%20slang%3D%22en-US%22%3ERe%3A%20Internet%20Traffic%20Flow%20for%20Web%20App%20Server%20in%20Microsoft%20Azure%20and%20placement%20of%20NVA%20%26amp%3B%20App%20Gatew%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-867313%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20you%20be%20implementing%20this%20application%20in%20multiple%20regions%3F%20The%20traffic%20manager%20routes%20traffic%20at%20the%20DNS%20level%20and%20has%206%20routing%20methods.%20The%20end%20client%20will%20connect%20directly%20into%20the%20Azure%20region%20after%20hitting%20the%20traffic%20manager%20and%20all%20further%20traffic%20will%20bypass%20the%20traffic%20manager%20for%20that%20session.%20Depending%20on%20your%20load%20balancing%20needs%20and%20if%20you%20have%20the%20application%20in%20one%20region%20I%20would%20recommend%20the%20Application%20Gateway%20and%20enabling%20the%20Web%20Application%20Firewall.%20This%20would%20limit%20the%20number%20of%20resources%20and%20complexity%20of%20your%20networking.%20This%20would%20combine%20the%20Traffic%20Manager%2C%20Fortigate%20Firewall%2C%20and%20the%20Azure%20App%20Gateway.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20routing%20would%20look%20like%20this.%26nbsp%3B%3C%2FP%3E%3CP%3EInternet--%26gt%3BApplication%20Gateway(Web%20Application%20Firewall)--%26gt%3BTarget%20Web%20VM.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20of%20course%20is%20dependent%20on%20what%20other%20VM's%20and%20services%20you%20are%20configuring%20to%20site%20behind%20the%20Fortigate.%20If%20its%20just%20this%20one%20VM%20in%20a%20singe%20region%2C%20I%20would%20strongly%20suggest%20going%20with%20the%20Application%20gateway%20instead.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapplication-gateway%2Fwaf-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapplication-gateway%2Fwaf-overview%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F180469%22%20target%3D%22_blank%22%3E%40Admin%20O365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Admin O365
Frequent Contributor

‎09-19-2019 11:27 PM

‎09-19-2019 11:27 PM

Internet Traffic Flow for Web App Server in Microsoft Azure and placement of NVA & App Gateway

Hello All,

I`m trying to implement Traffic Manager, application gateway and Fortigate Firewall.
However, not sure what Is the right flow after Traffic Manager i.e.
Example: Accessing a Web Server via Internet
Internet ---->Traffic Manager ----> Azure App Gateway ----> Fortigate Firewall ----> Target Web VM
Or, replace Azure App Gateway with Fortigate Firewall i.e.
 
Internet ---->Traffic Manager ----> Fortigate Firewall ----> Azure App Gateway----> Target Web VM
 
Kindly help to understand the network flow.
 
150 Views
0 Likes
1 Reply
Reply
1 Reply
Bryan Haslip

‎09-20-2019 07:01 AM

‎09-20-2019 07:01 AM

Re: Internet Traffic Flow for Web App Server in Microsoft Azure and placement of NVA & App Gatew

Will you be implementing this application in multiple regions? The traffic manager routes traffic at the DNS level and has 6 routing methods. The end client will connect directly into the Azure region after hitting the traffic manager and all further traffic will bypass the traffic manager for that session. Depending on your load balancing needs and if you have the application in one region I would recommend the Application Gateway and enabling the Web Application Firewall. This would limit the number of resources and complexity of your networking. This would combine the Traffic Manager, Fortigate Firewall, and the Azure App Gateway. 

 

The routing would look like this. 

Internet-->Application Gateway(Web Application Firewall)-->Target Web VM. 

 

This of course is dependent on what other VM's and services you are configuring to site behind the Fortigate. If its just this one VM in a singe region, I would strongly suggest going with the Application gateway instead. 

 

https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview

 

 

 @Admin O365 

0 Likes
Reply
Related Conversations
Multiple Node Pools on Azure Kubernetes Service
 jaydestro in Azure on 04-06-2020
0 Replies
Installing Windows server on Azure Hybrid Benefits for WS
 David_Gd in Azure on 04-06-2020
2 Replies
Microsoft Office for Android - Insert Date
 David Gorman in Office Apps on 04-06-2020
0 Replies
OneDrive for Business - Remote Web Access
 RykenUK in OneDrive for Business on 04-06-2020
1 Replies
Differences between MySQL and MariaDB as Azure managed services
 RadMar in Azure on 04-06-2020
0 Replies
I've been mainly using Bing engine for the past 3 months and this is my review
 HotCakeX in Bing on 04-05-2020
2 Replies