We are moving some web services that run on IIS and have SSL Setting to 'Require' Client certificate. The callers of our service provide a ssl client certificate and that must be passed through by the loadbalancer to the backend server/VM. In short, whatever certificate the caller provided must be made available to the backend server. F5 allows this today.
What loadbalancer offering in Azure can satisfy this use case? (without code changes to our existing services, some wcf and some webapi running on IIS on VMs)
- App Gateway I see can makes the caller provided certificate available via a header variable. But that is not pass through and would require us to make changes in our services to get the certificate from a header variable.
- Can Azure Premium firewall do what we want?
..OR do we have to resort to standing up F5 in azure VM?