cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Static NAT with multiple public IP on MS Azure

Hello, i need a clarification about NAT with multiple public IP with GW CloudGuard in Azure.

Can I assign or route more than only one public IP to CP GW?

I need to pubblic more than one web server (TCP ports 80 and 443) and we would like to use many public IP.


I hope i was clear.


Thanks a lot

5 Replies

Re: Static NAT with multiple public IP on MS Azure

You can bind multiple public ip addresses to an external load balancer.

Then you create NAT rules directing http/https to custom ports on the firewall, say http-8001, and https-9001.

Then NAT rules on firewall can change custom ports back to http/https on internal server or internal load balancer.

At some point you will hit a limit as to how many public ip addresses you can bind to the external load balancer, but it is a soft limit that can be changed by Microsoft at request.

We are doing this for production and development servers and so far it appears to be working great!

Re: Static NAT with multiple public IP on MS Azure

Hello, many thanks for quick reply.

Do you have a document about CP VSEC and Azure Load Balancer?

Thanks again

0 Kudos

Re: Static NAT with multiple public IP on MS Azure

Re: Static NAT with multiple public IP on MS Azure

Hi Cristian,

you could also use Load Balancing Rules and "Floating IP (direct server return)" which allows you to forward the Public IPs to the Firewall. In this case, you don't need that Destination Port NAT on the LB and you will "see" the Public IPs in the Firewall Log.

Regards

Matthias

Re: Static NAT with multiple public IP on MS Azure

Hello, sorry for extreme delay.

Thanks a lot for the reply.

We will update you after the VSEC GW installation.