Route Web site traffic through mx250 to Azure

PacketGuy
Just browsing

Route Web site traffic through mx250 to Azure

Hoping for some feeding on a possible cost-saving solution thought up within my team. Our web site is currently 3rd-party hosted. We want to move the web site to Azure, but see if we can route the web traffic through our on-prem mx250 and from there, route through our Azure IPsec tunnel to the web server (thus saving the cost of a firewall device in Azure if web traffic went there directly). We would utilize the DMZ/VLAN model to isolate this traffic from the rest of the network. I think our biggest concern is performance. Traffic is light to moderate to the site. Any thoughts are greatly appreciated.

3 Replies 3
MartinLL
Building a reputation

Need more info about your setup before anything can be recommend. But this should be easy to solve with just plain routing. Advertise your VNET to the Azure IPSEC tunnel and further down to the MX250. BGP or static, both get the job done.

MLL
PhilipDAth
Kind of a big deal
Kind of a big deal

The best solution is to get a Meraki VMX and deploy that into Azure.  Then you can use SD-WAN, which is much more seamless.  It is also relatively cheap to buy the licence.

https://meraki.cisco.com/product/hybrid-cloud/vmx/vmx-small/

 

PhilipDAth
Kind of a big deal
Kind of a big deal

>but see if we can route the web traffic through our on-prem mx250 and ...

 

I would not personally do this.  And I would also not use a firewall to protect the website.  I would look at using a WAF.  In your case, I would look at Azure WAF or maybe CloudFlare.

 

https://azure.microsoft.com/en-us/products/web-application-firewall

 

https://www.cloudflare.com/lp/ppc/waf-x/

 

Get notified when there are additional replies to this discussion.