question

yasserMohamedAbdelMoneim-0269 avatar image
0 Votes"
yasserMohamedAbdelMoneim-0269 asked GitaraniSharmaMSFT-4262 commented

Azure Front Door and ASR

Hello

I have ER from my Main Datacenter to Azure .

I have another 4 branches and i want to create ASR for some servers located in those branches and others in my main datacenter.

I have Cisco ASA on Azure and i have another ASA on-premise.

I want to facilitate ASR by using front door.

for my publishing APP , shall the connection coming from Front door then firewall then Internal load lancer?

How can i configure Azure Front Door to serve my published APPs in My main datacenter and remote branches in both cases( Failover to Azure ASR and Failback)

Do i require to have azure Public ip?

Do i need any changes in my DNS records for published Apps?

Thanks

azure-site-recoveryazure-front-doorazure-expressroute
· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SadiqhAhmed-MSFT avatar image SadiqhAhmed-MSFT ·

@yasserMohamedAbdelMoneim-0269 Thank you for your post and I apologize for the delayed response!

These questions would be better answered by the Azure Front Door team. In general, as long as the required URLs for ASR are whitelisted, ASR should work just fine. Please note that the firewalls themselves cannot be protected by ASR as that is an unsupported scenario.

All of the ASR IP Ranges are included in the following JSON File: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center


0 Votes 0 ·
GitaraniSharmaMSFT-4262 avatar image GitaraniSharmaMSFT-4262 ·

Hello @yasserMohamedAbdelMoneim-0269 ,

Azure Front Door classic is a global load balancer which works at Layer 7 (HTTP/HTTPS layer) and routes your client requests to the fastest and most available application backend. An application backend is any Internet-facing service hosted inside or outside of Azure.
So, yes, you need a Public IP or a publicly resolvable FQDN as it's endpoint.
Refer : https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool

Azure Front Door Premium (Preview) can connect to your origin via Private Link. Azure Private Link enables you to access Azure PaaS Services and Azure hosted services over a Private Endpoint in your virtual network.
Refer : https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/concept-private-link

If you are using an Azure webapp/App service, you can follow the below doc to setup Azure Front Door:
https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

Changes in DNS records are expected if you want to add a custom domain to the Azure Front Door.
Refer : https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain

Now, coming back to your question, could you please clarify what you mean by "I want to facilitate ASR by using front door"?
You have mentioned components such as ExpressRoute, ASR, App, Front Door, Firewall, load balancer but your setup is not very clear.
Could you please provide your current setup and the exact requirement?
Is the published App an Azure App service?
Where are the Firewall and load balancer deployed?

Regards,
Gita

0 Votes 0 ·

0 Answers