Azure Front Door to allow public access to ASE sites

Andy N 21 Reputation points
2020-12-09T17:57:27.963+00:00

Hi,

I have an ASE with ILB that is already running and has many websites/functions on it.

I’m in need of creating a number of key websites that need to be accessed via the internet and Fromt Door seems the ideal candidate.

Is AFD able to perform this activity? Can it be a bridge between the ASE and internet?

If this isn’t possible, what is the best approach that doesn’t incur significant additional cost.

Cheers

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
575 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,829 questions
0 comments
Accepted answer
  1. Ryan Hill 25,476 Reputation points Microsoft Employee
    2020-12-10T19:52:45.38+00:00

    Hi @Andy N ,

    I don't believe Azure Front Door will work because your ILB doesn't have a public facing IP. AFD routes traffic to an internet facing "backend" i.e. your app service. I would consider two workarounds.

    1. You can configure an WAF as explained in https://learn.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#configure-an-ilb-ase-with-a-waf-device.
    2. You can create an External ASE which will have the public IP endpoint and migrate your app(s) to that particular ASE.

    If you have any further questions, please feel free to comment below.

    Regards,
    Ryan

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 47,006 Reputation points Microsoft Employee
    2020-12-11T09:38:07.497+00:00

    Hello @Andy N ,

    Azure Front Door wont work in your case, as Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Since ASE ILB is an App Service Environment with a private endpoint (that is, an internal load balancer), it doesn't meet the pre-requisite.

    In your setup requirement, the best approach would be integrating your ILB App Service Environment with an Azure Application Gateway.

    The integration of the application gateway with the ILB App Service Environment is at an app level. When you configure the application gateway with your ILB App Service Environment, you're doing it for specific apps in your ILB App Service Environment. This technique enables hosting secure multi-tenant applications in a single ILB App Service Environment.

    You can refer the below article for step by step process:
    https://learn.microsoft.com/en-us/azure/app-service/environment/integrate-with-application-gateway

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.