Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS?

Arend — Tue, 21 Nov 2023 13:16:00 GMT

Hi,

We have already installed a CloudGuard VMSS gateway at our customer site in Azure.

Now the customer wants either the Azure Application Gateway or CoudGuard AppSec to protect new to build web applications. We advice CoudGuard AppSec but our best practice is to have a small attack vector and want to place the CloudGuard Appsec behind the CloudGuard gateway.

Is that a feasible scenario? And do you know of any blueprints or examples like this?

Internet(clients) --> External Loadbalancer --> CloudGuard VMSS --> CloudGuard AppSec --> WebApp

cheers,

Arend

Re: Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS?

Shay_Levin — Wed, 22 Nov 2023 08:50:44 GMT

Yes, it's supported; just one thing you need to take into consideration is that the AppSec is not going to see the original source IP address but the internal IP address of one of the CloudGuradd VMSS instances, "LocalGatewayInternal".

In order to distinguish between the users, you will need to use a different method than the source IP address.

topic Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS? in Cloud Firewall

Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS?

Re: Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS?