Azure Firewall and restricting traffic only to Front Door

CS10NET 86 Reputation points
2022-09-15T16:00:40.73+00:00

Is there any way to restrict the Azure Firewall to only accept traffic coming from Azure Front Door? I don't see anything in the network or DNAT rules that allows you to add tags? We have a requirement where we want ALL traffic to come in through Azure Firewall, and if a private endpoint has a DNAT rule with its own public IP, then that public IP is exposed to the internet. We would like to only allow traffic if it's coming from Front Door, where we would use those same public IP addresses as origins on the backend.


1 answer

  1. JimmySalian-2011 41,916 Reputation points
    2022-09-15T17:33:08.867+00:00

    Hi @CS10NET ,

    Not sure about the AZ FW but Azure Web Application Firewall can be configured to allow traffic only from FD, afds-overview and routing architecture or a combination of profiles.

    Also check this thread; it has similar information that you are after: routig-traffic-from-azure-front-door-to-app-gatewa.html

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
