You can integrate an Azure Firewall into a virtual network with an Azure Standard Load Balancer (either public or internal). The preferred design is to integrate an internal load balancer with your Azure firewall, as this is a much simpler design. You can use a public load balancer if you already have one deployed and you want to keep it in place. However, you need to be aware of an asymmetric routing issue that can break functionality with the public load balancer scenario.

For more information about Azure Load Balancer, see What is Azure Load Balancer?

Public load balancer

With a public load balancer, the load balancer is deployed with a public frontend IP address.

Asymmetric routing

Asymmetric routing is where a packet takes one path to the destination and takes another path when returning to the source. This issue occurs when a subnet has a default route going to the firewall's private IP address and you're using a public load balancer. In this case, the incoming load balancer traffic is received via its public IP address, but the return path goes through the firewall's private IP address. Since the firewall is stateful, it drops the returning packet because the firewall isn't aware of such an established session.

When you deploy an Azure Firewall into a subnet, one step is to create a default route for the subnet directing packets through the firewall's private IP address located on the AzureFirewallSubnet. For more information, see Tutorial: Deploy and configure Azure Firewall using the Azure portal.

When you introduce the firewall into your load balancer scenario, you want your Internet traffic to come in through your firewall's public IP address.
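
The dropped return packet can be reproduced in a small model of the backend subnet's route table and the firewall's session table. This Python sketch is an added example, not part of the original page or of any Azure tooling; every IP address is a constructed sample value, and the routing and session logic is a simplified stand-in that does not model Azure's NAT behaviour.

```python
import ipaddress

# All addresses are constructed sample values (assumptions, not from the page).
FW_PRIVATE = "10.0.1.4"      # firewall private IP on AzureFirewallSubnet
FW_PUBLIC = "203.0.113.10"   # firewall public IP
LB_PUBLIC = "203.0.113.20"   # public load balancer frontend IP
BACKEND = "10.0.2.5"         # VM behind the load balancer
CLIENT = "198.51.100.7"      # Internet client

# Backend subnet route table: default route through the firewall's private IP.
BACKEND_ROUTES = [("0.0.0.0/0", FW_PRIVATE)]


def next_hop(routes, dst):
    """Longest-prefix match; 'Internet' when no user-defined route matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return "Internet"
    return max(matches, key=lambda m: m[0].prefixlen)[1]


class StatefulFirewall:
    """Tracks only flows that entered through the firewall."""

    def __init__(self):
        self.sessions = set()

    def inbound(self, client, backend):
        self.sessions.add((client, backend))

    def allows_return(self, backend, client):
        # A reply passes only if the matching inbound flow was recorded.
        return (client, backend) in self.sessions


def round_trip(entry_ip, routes=BACKEND_ROUTES):
    """Client connects via entry_ip; returns True if the reply is delivered."""
    fw = StatefulFirewall()
    if entry_ip == FW_PUBLIC:
        fw.inbound(CLIENT, BACKEND)   # firewall sees the flow on the way in
    # Entry via LB_PUBLIC reaches the backend without touching the firewall.
    if next_hop(routes, CLIENT) == FW_PRIVATE:
        return fw.allows_return(BACKEND, CLIENT)
    return True                       # reply leaves without crossing the firewall


if __name__ == "__main__":
    print("via load balancer public IP:", round_trip(LB_PUBLIC))
    print("via firewall public IP:     ", round_trip(FW_PUBLIC))
```

With the default route in place, the flow that enters through the load balancer's public IP fails on the return leg, while the flow that enters through the firewall's public IP completes.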