Azure application Gateway, Load balancer, palo alto, Azure red hat openshift

N-Open 160

Dear Team,

Hope you are doing well. We need your support on best practices for placement of network/security components to expose an application which is running on azure red hat open shift.

Diagram attached for the placement of ARO and palo alto components.

Our plan is to we have application gateway with WAF,Private load balancer for two Palo alto Firewall in HA mode which is used for internet facing traffic (north south traffic only). This then connects to internal load balancer which connect to two Palo alto Firewall in HA mode for east-west traffic. The palo alto for east west traffic connects to azure red hat open shift.

Can you guide the placement of the above compnents and which is the right way to place it from network and security perspective please?

Thank you.

kobulloc-MSFT 23,496 Reputation points Microsoft Employee

2023-12-04T16:05:34.9466667+00:00
Hello, @N-Open !

I didn't see an attached diagram (which may be a Q&A issue) but from an Azure Red Hat OpenShift architecture standpoint the guidance is as follows in this FastTrack for Azure blog:

https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-red-hat-openshift-reference-architecture-amp-reference/ba-p/3470115

I can't offer specific guidance on Palo Alto, but they do have architecture guides for Azure:

Securing Applications in Azure - Design Guide

Palo Alto reference architecture

See also:

Azure Red Hat OpenShift 3 architecture overview

Let me know if this is helpful in the comments. If not, we may need to get a networking specialist to weigh in on this.