Cristian_F_CCSM
Contributor

Static NAT with multiple public IPs on MS Azure

Hello, I need a clarification about NAT with multiple public IPs with the CloudGuard GW in Azure.

Can I assign or route more than one public IP to the CP GW?

I need to publish more than one web server (TCP ports 80 and 443) and we would like to use many public IPs.


I hope I was clear.


Thanks a lot

5 Replies
Ted_Serreyn
Contributor

You can bind multiple public IP addresses to an external load balancer.

Then you create NAT rules directing http/https to custom ports on the firewall, say http-8001, and https-9001.

Then NAT rules on the firewall can change custom ports back to http/https on the internal server or internal load balancer.

At some point you will hit a limit as to how many public IP addresses you can bind to the external load balancer, but it is a soft limit that can be changed by Microsoft on request.

We are doing this for production and development servers and so far it appears to be working great!

Cristian_F_CCSM
Contributor

Hello, many thanks for the quick reply.

Do you have a document about CP VSEC and Azure Load Balancer?

Thanks again

1c222f14-a2a8-4
Explorer

Matthias_Haas
Advisor

Hi Cristian,

You could also use Load Balancing Rules and "Floating IP (direct server return)", which allows you to forward the Public IPs to the Firewall. In this case, you don't need that Destination Port NAT on the LB and you will "see" the Public IPs in the Firewall Log.

Regards

Matthias
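
The two designs described in the replies above (port translation on the load balancer versus Floating IP), modelled as an added Python example that is not part of the original thread and is not Check Point or Azure code. It builds the load balancer and firewall NAT tables for each design and checks that no two flows collide on the firewall; the addresses, the firewall IP and the helper names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: documentation-range public IPs, made-up private addresses.
SITES = [
    {"public_ip": "203.0.113.10", "server": "10.0.2.10"},
    {"public_ip": "203.0.113.11", "server": "10.0.2.11"},
]
FW_IP = "10.0.1.4"                    # assumed external interface of the gateway
SERVICES = {"http": 80, "https": 443}
BASE = {"http": 8001, "https": 9001}  # custom firewall ports, as in the first reply

@dataclass(frozen=True)
class Hop:
    match_ip: str    # destination IP the device matches on
    match_port: int  # destination port the device matches on
    to_ip: str       # destination IP after translation
    to_port: int     # destination port after translation

def plan(sites, fw_ip=FW_IP, floating_ip=False):
    """Return (lb_rules, fw_nat_rules) for either design."""
    lb, fw = [], []
    for i, site in enumerate(sites):
        for name, port in SERVICES.items():
            if floating_ip:
                # LB leaves destination IP and port untouched; firewall matches the public IP.
                lb.append(Hop(site["public_ip"], port, site["public_ip"], port))
                fw.append(Hop(site["public_ip"], port, site["server"], port))
            else:
                custom = BASE[name] + i  # one custom firewall port per site and service
                lb.append(Hop(site["public_ip"], port, fw_ip, custom))
                fw.append(Hop(fw_ip, custom, site["server"], port))
    return lb, fw

def check(lb, fw):
    """Raise if two flows share a firewall match or an LB rule has no firewall rule."""
    keys = [(h.match_ip, h.match_port) for h in fw]
    if len(keys) != len(set(keys)):
        raise ValueError("ambiguous firewall NAT match (custom port reused)")
    for h in lb:
        if (h.to_ip, h.to_port) not in keys:
            raise ValueError(f"no firewall NAT rule for {h.to_ip}:{h.to_port}")
    return True

def resolve(lb, fw, ip, port):
    """Follow one inbound flow through both hops; returns (server_ip, server_port)."""
    first = next(h for h in lb if (h.match_ip, h.match_port) == (ip, port))
    second = next(h for h in fw if (h.match_ip, h.match_port) == (first.to_ip, first.to_port))
    return second.to_ip, second.to_port
```

With the port-translation design the firewall rules match on `FW_IP` and a custom port, so the public IP never appears as the destination in the firewall table; with `floating_ip=True` the firewall rules match on the public IP itself, which is why it shows up in the firewall log.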

Cristian_F_CCSM
Contributor

Hello, sorry for the extreme delay.

Thanks a lot for the reply.

We will update you after the VSEC GW installation.