Hello @Łukasz Szewczak ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Azure Application gateway WAF provides geo-match rules or filtering, but Azure Front Door offers improved configuration.
Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules
So, for geo-filtering, Azure Front Door seems to be the best option.
Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering
https://learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples
Now, coming to your second question,
For support, I thought of creating a dedicated Azure VM in the US region, which would be used for remote access. However, I wonder if I can use Azure VPN instead. Can you guide me on how to do this, or perhaps suggest a better solution?
Could you please provide some additional details on the requirement?
- If you would like to test the data plane traffic or access to the web app from US, then creating a dedicated Azure VM in the US region is the best way to move forward.
- But if you would like to have control plane access (to make configuration changes), then access to Azure portal with the proper RBAC permissions is the way to go.
Azure VPN doesn't fit into this setup.
If you have any specific requirement, please share the details for further discussion.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.