Oct 17 2022 12:20 AM
Hello
I am working on designing the network architecture on Azure for our needs. I would like to know your suggestions regarding the best approach for a DMZ zone when you need to host resources for different projects/customers. What is your design recommendation?
If I create a vNet "DMZ_Public" (/16) split into different subnets:
- Subnet dmzdsi_web and subnet dmzdsi_data for IT Corporate needs (only dmzdsi_web will be reachable from the Internet; dmzdsi_data is for APP/DB servers used by the web servers)
- Subnet dmzprojA_web and subnet dmzprojA_data for Project A needs (only dmzprojA_web will be reachable from the Internet; dmzprojA_data is for APP/DB servers used by the web servers)
- Subnet dmzprojB_web and subnet dmzprojB_data for Project B needs (only dmzprojB_web will be reachable from the Internet; dmzprojB_data is for APP/DB servers used by the web servers)
- Subnet dmz_sharedServices for servers used by all DMZ subnets, such as AD DS, DNS and patch management. This zone is there to avoid having traffic from dmz_web into the internal network.
The vNet DMZ_Public will communicate with my hub (where my Palo Alto firewall is) via vNet peering.
Is it correct for you? Or do you have a suggestion or a better architecture to cover my needs?
Regards
Jerome
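As an added example (not from the original post or its replies), here is a Bicep sketch of the DMZ_Public layout above with one NSG per subnet. The address plan, the NSG names, the API version and the rule priorities are assumptions; the security point it shows is that the default AllowVnetInBound rule would otherwise let one project's web tier reach another project's data tier across the shared /16, so each subnet gets an explicit deny for the VirtualNetwork tag.

```bicep
param location string = resourceGroup().location

// Assumed address plan (not in the original post). Each data subnet names the
// web subnet allowed to reach it; web subnets take HTTPS from the Internet.
// If inbound traffic arrives through the hub firewall instead, replace the
// 'Internet' tag with the hub's address range.
var subnets = [
  { name: 'dmzdsi_web',         prefix: '10.1.0.0/24',   allowFrom: 'Internet',    port: '443' }
  { name: 'dmzdsi_data',        prefix: '10.1.1.0/24',   allowFrom: '10.1.0.0/24', port: '*' }
  { name: 'dmzprojA_web',       prefix: '10.1.2.0/24',   allowFrom: 'Internet',    port: '443' }
  { name: 'dmzprojA_data',      prefix: '10.1.3.0/24',   allowFrom: '10.1.2.0/24', port: '*' }
  { name: 'dmzprojB_web',       prefix: '10.1.4.0/24',   allowFrom: 'Internet',    port: '443' }
  { name: 'dmzprojB_data',      prefix: '10.1.5.0/24',   allowFrom: '10.1.4.0/24', port: '*' }
  { name: 'dmz_sharedServices', prefix: '10.1.250.0/24', allowFrom: '10.1.0.0/16', port: '*' }
]

// One NSG per subnet. DenyVnetInbound (priority 4000) is the important rule:
// Azure's default AllowVnetInBound (priority 65000) treats the whole vNet and
// its peers as trusted, so without it dmzprojA_web could reach dmzprojB_data.
// Protocol '*' is used because AD DS and DNS need UDP as well as TCP.
resource nsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = [for s in subnets: {
  name: 'nsg-${s.name}'
  location: location
  properties: {
    securityRules: [
      { name: 'AllowTier', properties: { priority: 100, direction: 'Inbound', access: 'Allow', protocol: '*', sourceAddressPrefix: s.allowFrom, sourcePortRange: '*', destinationAddressPrefix: s.prefix, destinationPortRange: s.port } }
      { name: 'AllowSharedServices', properties: { priority: 110, direction: 'Inbound', access: 'Allow', protocol: '*', sourceAddressPrefix: '10.1.250.0/24', sourcePortRange: '*', destinationAddressPrefix: s.prefix, destinationPortRange: '*' } }
      { name: 'DenyVnetInbound', properties: { priority: 4000, direction: 'Inbound', access: 'Deny', protocol: '*', sourceAddressPrefix: 'VirtualNetwork', sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRange: '*' } }
    ]
  }
}]

// The vNet itself; each subnet is bound to the NSG created at the same index.
resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'DMZ_Public'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [for (s, i) in subnets: {
      name: s.name
      properties: { addressPrefix: s.prefix, networkSecurityGroup: { id: nsg[i].id } }
    }]
  }
}
```

Because the deny rule also covers peered address space, management or inspection traffic coming from the hub needs its own allow rule above priority 4000.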