Azure Front Door lockdown access to Front Door Frontend allowing only VPN access

Stan-7493 86 Reputation points


Is there a way to lockdown Azure Front Door Frontend so it isn't accessible via the internet and only via VPN/Private IP ranges? I know you can attach a Waf and testing it works if I block Remote address which are public IPs.

As I know how to secure communication between the Azure Front Door and the backend just need this last piece of the puzzle
Any help would be appreciated

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
627 questions
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 41,071 Reputation points Microsoft Employee

    Hi @Stan-7493 ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you are trying to restrict FrontDoor access to VPN and private IP Addresses only.

    I am summarizing our discussion and posting it as an answer for better visibility.

    Azure Front Door is a publicly accessible resource. This means that you cannot access AFD using Private IP Addresses.
    You have to NAT your private traffic to public IP Addresses, and only then you can access AFD.

    Now, with respect to VPN, (assuming it's doing a NAT to a public IP pool)



    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments No comments

0 additional answers

Sort by: Most helpful