How to access a web app hosted using Azure Front Door with geo-filtering to USA outside the USA?

Łukasz Szewczak 0 Reputation points
2024-04-13T10:03:56.97+00:00

Hello,

I am currently in the planning phase for a project, and I have a specific use case. I need to host a web app that should only be available to end users in the US region. However, support personnel who need access to the web app will be from other countries.

Initially, I was thinking of using Azure Front Door with CDN profiles that have geo-filtering to restrict access only to the US region. For support, I thought of creating a dedicated Azure VM in the US region, which would be used for remote access. However, I wonder if I can use Azure VPN instead. Can you guide me on how to do this, or perhaps suggest a better solution?

I really appreciate any help you can provide.

Regards,

Łukasz


1 answer

  1. GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
    2024-04-15T13:15:42.07+00:00

    Hello @Łukasz Szewczak ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Azure Application Gateway WAF provides geo-match rules or filtering, but Azure Front Door offers improved configuration.

    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules

    So, for geo-filtering, Azure Front Door seems to be the best option.

    Refer: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering

    https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-tutorial-geo-filtering

    https://learn.microsoft.com/en-us/azure/web-application-firewall/geomatch-custom-rules-examples

    Now, coming to your second question,

    "For support, I thought of creating a dedicated Azure VM in the US region, which would be used for remote access. However, I wonder if I can use Azure VPN instead. Can you guide me on how to do this, or perhaps suggest a better solution?"

    Could you please provide some additional details on the requirement?

    • If you would like to test the data plane traffic or access to the web app from the US, then creating a dedicated Azure VM in the US region is the best way to move forward.
    • But if you would like to have control plane access (to make configuration changes), then access to the Azure portal with the proper RBAC permissions is the way to go.

    Azure VPN doesn't fit into this setup.

    If you have any specific requirement, please share the details for further discussion.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

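The US-only geo-filter discussed in the answer above, as an added example that is not part of the original thread or of the Microsoft reply. It uses the Az.FrontDoor cmdlets from the linked geo-filtering tutorial; the resource group, policy and rule names and the jump-host IP are placeholders, and the explicit allow rule for the support VM is an assumption about how the support path could be pinned.

```powershell
# Added example. Names and the jump-host IP are placeholders, not values from the thread.
# Requires the Az.FrontDoor module and an authenticated session (Connect-AzAccount).
$rg         = 'rg-webapp-us'     # placeholder resource group
$jumpHostIp = '203.0.113.10'     # placeholder: public IP of the US support VM

# Optional rule (assumption): explicitly allow the support VM so its access does not
# depend on how its IP is geolocated. A matching Allow stops evaluation of the
# lower-priority custom rules, so keep the allowed address list as small as possible.
$supportCondition = New-AzFrontDoorWafMatchConditionObject `
    -MatchVariable SocketAddr `
    -OperatorProperty IPMatch `
    -MatchValue $jumpHostIp
$supportRule = New-AzFrontDoorWafCustomRuleObject `
    -Name 'allowSupportJumpHost' -RuleType MatchRule `
    -MatchCondition $supportCondition -Action Allow -Priority 10

# Geo-filter: match requests whose source country is NOT "US" and block them.
# SocketAddr is the source address the WAF sees on the connection; RemoteAddr is
# usually taken from the X-Forwarded-For header, which the client supplies.
$geoCondition = New-AzFrontDoorWafMatchConditionObject `
    -MatchVariable SocketAddr `
    -OperatorProperty GeoMatch `
    -NegateCondition $true `
    -MatchValue 'US'
$geoRule = New-AzFrontDoorWafCustomRuleObject `
    -Name 'blockNonUS' -RuleType MatchRule `
    -MatchCondition $geoCondition -Action Block -Priority 20

# Prevention mode enforces the Block action; Detection mode only logs matches.
New-AzFrontDoorWafPolicy `
    -Name 'geoPolicyAllowUSOnly' -ResourceGroupName $rg `
    -Customrule @($supportRule, $geoRule) `
    -Mode Prevention -EnabledState Enabled
```

The policy has no effect until it is associated with the Front Door endpoint, as the linked tutorial describes.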