- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: Static NAT with multiple public IP on MS Azure
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Static NAT with multiple public IP on MS Azure
Hello, i need a clarification about NAT with multiple public IP with GW CloudGuard in Azure.
Can I assign or route more than only one public IP to CP GW?
I need to pubblic more than one web server (TCP ports 80 and 443) and we would like to use many public IP.
I hope i was clear.
Thanks a lot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can bind multiple public ip addresses to an external load balancer.
Then you create NAT rules directing http/https to custom ports on the firewall, say http-8001, and https-9001.
Then NAT rules on firewall can change custom ports back to http/https on internal server or internal load balancer.
At some point you will hit a limit as to how many public ip addresses you can bind to the external load balancer, but it is a soft limit that can be changed by Microsoft at request.
We are doing this for production and development servers and so far it appears to be working great!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, many thanks for quick reply.
Do you have a document about CP VSEC and Azure Load Balancer?
Thanks again
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Cristian,
You can check below link.
Regards,
Deepak Sharma.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Cristian,
you could also use Load Balancing Rules and "Floating IP (direct server return)" which allows you to forward the Public IPs to the Firewall. In this case, you don't need that Destination Port NAT on the LB and you will "see" the Public IPs in the Firewall Log.
Regards
Matthias
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, sorry for extreme delay.
Thanks a lot for the reply.
We will update you after the VSEC GW installation.