Exposing web servers to internet in Azure

Mohamed jihad bayali 1,131 Reputation points
2023-03-22T18:22:37.9133333+00:00

Hello Team,

I'm working on an architecture for one of our customers.

The customer needs to host his web server on Azure (CMS web server), and the web server needs to be exposed to the internet.

I have some questions about the front-end connection of the web server.

Since the web server will scale, I thought of adding an Azure load balancer to the infrastructure to load balance the traffic between the web servers, but I have the following question:

In this scenario, does the load balancer need to be in front of or behind the firewall?

If the load balancer is in front of the firewall, it means that all the traffic will reach the load balancer first, then the load balancer will route the traffic to the firewall, and then the firewall will route the traffic to the backend servers, but with this scenario, the role of the load balancer is played by the FW, not the load balancer, right?

In the second scenario, the traffic will reach the FW first, then the FW will route the traffic to the load balancer, then the load balancer will route the traffic to the backend servers. This scenario seems more correct to me.

I want to know your opinions about this, thank you.


Accepted answer
  1. KapilAnanth-MSFT 44,311 Reputation points Microsoft Employee
    2023-03-23T04:54:19.83+00:00

    @Mohamed jihad bayali

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you are planning to deploy a CMS web server in Azure and this would require scaling.

    Using Load Balancer and Azure Firewall is not a good approach.

    Instead, you should consider using App gateway + WAF.

    Load-balancing options in Azure

    Azure Web Application Firewall on Azure Application Gateway

    Please note that in case you are going to use a Public Standard Load Balancer, then using a Firewall will not help.

    • You are correct, using a Firewall behind Azure LB will not yield any load balancing, as you cannot add a backend pool to a Firewall.
    • Using a Firewall in front of an Internal Load Balancer may be a consideration, as you mentioned.
    • However, this would place a huge load on Azure Firewall, as Azure Firewall is not designed to provide Internet load balancing.

    I would suggest that you check the various features of WAF and go with an App gateway for any HTTP or HTTPS web servers.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

