Want to deploy front door in Hub-Spoke architecture to use custom domain for ADB2C, using private endpoint

AJMAL ELLATH 60 Reputation points
2024-09-12T08:06:55.0933333+00:00

I am looking to deploy one Azure front door, we are in Hub Spoke architecture.

Front door - will be deployed in Hub

AD B2C - in different spoke, will be peered with Hub.

I want to configure in a way that no public access is allowed on both frontdoor and ADb2C, and all traffic should be router through firewall.

does front door support private end point ?

Appreciate your support.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
695 questions
{count} votes

Accepted answer
  1. Ganesh Patapati 1,440 Reputation points Microsoft Vendor
    2024-09-13T16:03:08.7+00:00

    Hi AJMAL E ELLATH,

    Welcome to Microsoft's Q&A platform! Thank you for asking this inquiry.

    • Azure Front Door inherently uses anycast public IP addresses and does not support a private-only frontend IP. This design aligns with its purpose as a global, scalable service for internet-facing applications.

    Here’s a summary of how you might address the requirement for private-only access using other Azure services.

    1. Azure Application Gateway with Private Deployment: For a private-only access model, you can use Azure Application Gateway with a private deployment. Application Gateway supports private IP addresses and can be deployed within a Virtual Network (VNet). This allows you to have a private frontend while still benefiting from application layer load balancing. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-private-deployment?tabs=portal
    2. Integration with Azure Firewall: You can use Azure Application Gateway in conjunction with Azure Firewall to control and secure traffic. Azure Firewall can enforce policies, restrict access, and monitor traffic between your Application Gateway and other resources within your VNet. Refer: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway

    Updated NOTE: Here are the limitations being the Private Endpoints supported for Azure Front door.

    Refer: https://learn.microsoft.com/en-us/azure/frontdoor/private-link#limitations


    Please let us know if the information above meets your needs.

    If your query has been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" buttons on the post.

    I look forward to your response and appreciate your time on this.

    Regards,

    Ganesh


    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.