Hi @Stan-7493 ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are trying to restrict Front Door access to VPN and private IP Addresses only.
I am summarizing our discussion and posting it as an answer for better visibility.
Azure Front Door is a publicly accessible resource. This means that you cannot access AFD using Private IP Addresses.
You have to NAT your private traffic to public IP Addresses, and only then can you access AFD.
Now, with respect to VPN (assuming it's doing a NAT to a public IP pool):
- Your action plan is correct.
- You can allow the public IP pool of your VPN (rule with lower priority)
- And block all other ranges
- https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction
Cheers,
Kapil
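The allow-then-block ordering described in the answer can be checked offline before the rules are deployed. The sketch below is an added example, not part of the original answer and not Microsoft code: `IpRule`, `evaluate`, the rule names, the priorities and the 203.0.113.0/24 pool are all hypothetical, and it assumes first-match-wins evaluation in ascending priority number, with requests that match no custom rule passing through.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IpRule:
    name: str
    priority: int      # lower number is evaluated first
    action: str        # "Allow" or "Block"
    cidrs: tuple       # ranges compared against the client's public address

    def matches(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        # A v4 address is never "in" a v6 network and vice versa (returns False).
        return any(addr in ipaddress.ip_network(c) for c in self.cidrs)

def evaluate(rules, client_ip):
    """Return (action, rule_name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(client_ip):
            return rule.action, rule.name
    # No custom rule matched: this rule set does not stop the request.
    return "Allow", "<no rule matched>"

VPN_POOL = ("203.0.113.0/24",)      # constructed: stands in for the VPN's NAT pool
EVERYTHING = ("0.0.0.0/0", "::/0")  # every IPv4 and IPv6 source

RULES = [
    IpRule("AllowVpnEgress", 10, "Allow", VPN_POOL),
    IpRule("BlockAllOthers", 20, "Block", EVERYTHING),
]
# Same two rules with the priorities swapped: the block rule now wins for everyone.
SWAPPED = [
    IpRule("AllowVpnEgress", 20, "Allow", VPN_POOL),
    IpRule("BlockAllOthers", 10, "Block", EVERYTHING),
]

def report(rules, probes):
    """Map each probe address to the decision the rule set produces for it."""
    return {ip: evaluate(rules, ip) for ip in probes}

if __name__ == "__main__":
    probes = ["203.0.113.10", "198.51.100.7", "2001:db8::1"]  # constructed samples
    for label, rs in (("intended", RULES), ("swapped", SWAPPED), ("allow only", RULES[:1])):
        print(label, report(rs, probes))
```

The "allow only" run shows why the block rule is needed: without it, addresses outside the pool match nothing and are not stopped.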