Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arend
Contributor

Can you place a Azure CloudGuard AppSec VMSS inline behind an Azure CloudGuard VMSS?

Hi,

We have already installed a CloudGuard VMSS gateway at our customer site in Azure.

Now the customer wants either the Azure Application Gateway or CoudGuard AppSec to protect new to build web applications. We advice CoudGuard AppSec but our best practice is to have a small attack vector and want to place the CloudGuard Appsec behind the CloudGuard gateway.

Is that a feasible scenario? And do you know of any blueprints or examples like this?

Internet(clients)  --> External Loadbalancer --> CloudGuard VMSS --> CloudGuard AppSec --> WebApp

 

cheers,

Arend

 

0 Kudos
1 Reply
Shay_Levin
Admin
Admin

Yes, it's supported; just one thing you need to take into consideration is that the AppSec is not going to see the original source IP address but the internal IP address of one of the CloudGuradd VMSS instances, "LocalGatewayInternal".

In order to distinguish between the users, you will need to use a different method than the source IP address.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.