Routing from Public Internet to Server in Azure

Stephen Weber 351 Reputation points
2023-01-06T18:28:06.41+00:00

I need to enable users on the public internet to access webservices on an Azure server. I was considering assigning a public IP to the server, but I do believe that this adds additional risks even with the proper server firewall settings. Is there a firewall in Azure which controls access to the azure network and setup a port forwarding to the server?

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
708 questions
0 comments No comments
{count} votes

Accepted answer
  1. Jordan Lee 81 Reputation points
    2023-01-06T20:27:25.18+00:00

    If security is a concern, is a web server vm the only option? Azure App Service would minimize your attack surface by removing the OS and you can attach WAF as complimentary service.

    https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/basic-web-app?tabs=cli

    Otherwise, there is Azure Firewall, Web Application Firewall, or Web Application Gateway available at multiple SKUs

    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Luke Murray 11,246 Reputation points MVP
    2023-01-08T00:04:01.167+00:00

    Hi, Stephen

    There is a few ways of looking at this.

    If its internal users that need access to it - you can either have users connect to the Azure network and access the web server internally - via Azure VPN - https://azure.microsoft.com/products/vpn-gateway/?WT.mc_id=AZ-MVP-5004796

    If its internal users, that need access to a website - you can setup Azure AD Application Proxy - https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy?WT.mc_id=AZ-MVP-5004796 - which will allow you to authenticate using AAD to your webpage externally.

    if its for external users, you can as suggested migrate it to an Azure App Service - https://azure.microsoft.com/products/app-service/?WT.mc_id=AZ-MVP-5004796

    But if you can't do this, then look at Azure Web Application proxy - https://azure.microsoft.com/products/web-application-firewall?WT.mc_id=AZ-MVP-5004796, which supports 80/443.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.