Deep Dive - Azure Gateway Load Balancer and CloudGuard AutoScale Integration
The new Azure GWLB service simplifies the network architecture and allows you to easily get security services using third-party virtual appliances.
Check the Deep Dive video below for a deep dive walkthrough.
Thanks for this Deep-dive session.
In case I deploy CG (Cluster or VMSS) and place it below the FrontendLB so that it can protect internal webservers, what difference does it make rather than creating a GLB with CG pools as described?
We can still perform E-W or N-S traffic inspection if CG is placed below the FrontendLB.
What's the advantage of this new topology compared to CG placed below the FrontendLB?
The main advantage of the GWLB solutions is that you don't need to change the source IP address of the packet for ingress traffic.
So, your webservers will see the client's original source IP address.
With the "regular" scale set deployment, you will need to create a NAT rule that replaces the client's original source IP of the packet with the GW IP address for ingress traffic.
The second advantage is that it’s effortless to connect vNets to the service and protect them; also, the consumer vNet can be located in a different region and on another tenant.
With the “regular” scale set / cluster, you will need to create vNet peering and set UDRs.
The disadvantage of the solution is that Azure does not support E/W traffic for now.
I believe they will solve that limitation soon, as they already got a heads-up on that.
I hope I answered your question.
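
To show what the source IP difference described above means for the web tier, here is an added example (not part of the thread, and not Check Point or Azure code) that runs the same failed-login check over constructed log entries as seen through GWLB and through a NAT rule. The IP addresses, the threshold and all function names are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample: (client_ip, path, status) for requests reaching a web
# server behind the gateways. 203.0.113.7 fails the login six times.
CLIENT_REQUESTS = (
    [("203.0.113.7", "/login", 401)] * 6
    + [("198.51.100.20", "/login", 200), ("198.51.100.21", "/", 200),
       ("192.0.2.55", "/login", 401), ("192.0.2.55", "/login", 200)]
)
# Assumed gateway instance IP; one instance is modelled for simplicity.
GATEWAY_IP = "10.0.1.4"


def as_logged(requests, snat_to=None):
    """Return the requests as the web server records them.

    snat_to=None models the GWLB path (client source IP untouched);
    snat_to=<ip> models the NAT rule of the regular scale set deployment.
    """
    return [(snat_to or ip, path, status) for ip, path, status in requests]


def failed_login_sources(log, threshold=5):
    """Sources with at least `threshold` failed logins (401 on /login)."""
    fails = Counter(ip for ip, path, status in log
                    if path == "/login" and status == 401)
    return {ip: n for ip, n in fails.items() if n >= threshold}


def blocked_if_enforced(log, requests, threshold=5):
    """Number of real clients cut off if every flagged source is blocked."""
    flagged = set(failed_login_sources(log, threshold))
    return len({real for (seen, _, _), (real, _, _) in zip(log, requests)
                if seen in flagged})


if __name__ == "__main__":
    for label, snat in (("GWLB", None), ("scale set + NAT", GATEWAY_IP)):
        log = as_logged(CLIENT_REQUESTS, snat)
        print(label, failed_login_sources(log),
              "clients blocked:", blocked_if_enforced(log, CLIENT_REQUESTS))
```

With the source IP preserved, only the offending client is flagged; behind the NAT rule every failure is attributed to the gateway address, so a per-source block on the web server would cut off all four clients.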