Azure DDoS - Public IP and Virtual network

N-Open 160 Reputation points
2023-11-22T04:22:46.0966667+00:00

Dear Team,

We have a setup where we are going to use a public ip for Azure Firewall (Hub vNet) and this Azure Firewall is in a virtual network (Hub vNet) which is connecting to backend application running on ARO on seprate vNet (Spoke vNet)

Do I need to use both Azure DDoS IP protection to protect public IP and Azure DDoS network protection to protect virtual nerwork.

Please advice.

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
71 questions
{count} votes

Accepted answer
  1. Adam Zachary 2,911 Reputation points
    2023-11-22T04:57:15.8+00:00

    Hi,

    For your Azure setup with a public IP for Azure Firewall in a Hub VNet and backend applications in a Spoke VNet, you should apply Azure DDoS Protection Standard to both the public IP and the virtual network. This protection will cover the public IP attached to your Azure Firewall and extend enhanced DDoS mitigation capabilities to your entire virtual network, including your backend applications. This approach ensures comprehensive protection against DDoS attacks for both the network entry point and the internal network infrastructure.

    Kindly if you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Adam Zachary 2,911 Reputation points
    2023-11-22T05:07:24.98+00:00

    Yes, that's correct. For the public IP on the Azure Firewall, you use Azure DDoS IP protection. For the Hub and Spoke vNet architecture, you use Azure DDoS Network protection, which will cover the entire virtual network infrastructure. This two-tiered approach ensures both the specific entry point and the broader network are safeguarded against DDoS attacks.

    Kindly if you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.