Azure Front Door - Private Endpoint with public access

Question

Azure Front Door - Private Endpoint with public access

Nibbler 656

Hello Q&A,

Is it possible to use a private endpoint on the Front Door for public traffic, hence make public access to the endpoint.

2 answers

Your answer

Answer 1

ChaitanyaNaykodi-MSFT 27,481 Microsoft Employee Moderator

Hello @Nibbler , thank you for reaching out.

I might have not understood the question correctly but based on the Private link documentation for Azure Front Door. The request flow is as shown below.

The incoming requests above are from public internet and Azure Front Door endpoint is accessible from internet. With Private endpoint integration Azure Front Door accesses the origin over Microsoft backbone network via private endpoint and this origin is not accessible from the internet.
Currently origin support for direct private end point connectivity is limited to Storage (Azure Blobs), App Services and internal load balancers.

Hope this answers your question! Please let me know if you have any additional questions here, I will be glad to continue with our discussion. Thank you!

Nibbler 656 Reputation points

2022-08-11T08:54:38.393+00:00

Hi @ChaitanyaNaykodi-MSFT

Thanks for your feedback. I may hav misinterpreted the documentation.

So, the privat endpoint should be enabled on the Azure Front Origin (originname-sdftthwf9c5eraqes.z01.azurefd.net) and not the custom domain? Would this be correct?
ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator

2022-08-11T16:22:51.667+00:00

Hello @Nibbler , yes that is correct. Maybe going through these tutorials for enabling private endpoint connectivity for Storage (Azure Blobs), App Services and internal load balancers might help as well. Thank you!
Nibbler 656 Reputation points

2022-08-11T19:53:31.89+00:00

Hi @Chaitanya Kiran Thanks, I got it working...but seems response time is degraded... do you know if the private link setup degrades performance?

Also, do private link can solve SNAT issues on a webapp
ChaitanyaNaykodi-MSFT 27,481 Reputation points Microsoft Employee Moderator

2022-08-12T17:24:47.617+00:00

Hello @Nibbler ,

Based on your questions above

do you know if the private link setup degrades performance?

As documented in the limitations The Azure Front Door Private Link feature is region agnostic but for the best latency, you should always pick an Azure region closest to your origin when choosing to enable Azure Front Door Private Link endpoint. Can you please check if the closest possible Azure region is selected? please let me know if the issue still persists.

Also, do private link can solve SNAT issues on a webapp

Yes, SNAT port restriction does not apply to services secured with private endpoints. This information currently documented here.

Hope this answers your question! Please let me know if you have any additional questions here, I will be glad to continue with our discussion. Thank you!
Nibbler 656 Reputation points

2022-08-13T14:59:12.457+00:00

hi @ChaitanyaNaykodi-MSFT Thanks for great feedback.

When I have implemented the Private Endpoint, I do get the following on the App (See screendumps)

Answer 2

Jorge Contti 0

Hi, I tried to do this connecting the frontdoor to my storage account which is serving a single page app using the private link but I received this error...:(

Screenshot 2023-01-17 at 16.15.36

Share via

Azure Front Door - Private Endpoint with public access

2 answers

Your answer