Hi AJMAL E ELLATH,
Welcome to Microsoft's Q&A platform! Thank you for asking this inquiry.
Azure Front Door inherently uses anycast public IP addresses and does not support a private-only frontend IP. This design aligns with its purpose as a global, scalable service for internet-facing applications.
Here’s a summary of how you might address the requirement for private-only access using other Azure services.
- Azure Application Gateway with Private Deployment: For a private-only access model, you can use Azure Application Gateway with a private deployment. Application Gateway supports private IP addresses and can be deployed within a Virtual Network (VNet). This allows you to have a private frontend while still benefiting from application layer load balancing. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-private-deployment?tabs=portal
- Integration with Azure Firewall: You can use Azure Application Gateway in conjunction with Azure Firewall to control and secure traffic. Azure Firewall can enforce policies, restrict access, and monitor traffic between your Application Gateway and other resources within your VNet. Refer: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway
Updated NOTE: Here are the limitations of the Private Endpoints supported for Azure Front Door.
Refer: https://learn.microsoft.com/en-us/azure/frontdoor/private-link#limitations
Please let us know if the information above meets your needs.
If your query has been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" buttons on the post.
I look forward to your response and appreciate your time on this.
Regards,
Ganesh
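A check for the private-only requirement discussed in the answer above, added here as an example and not part of the original answer: it inspects an Application Gateway definition and reports any frontend that references a public IP, plus the listeners bound to it. It assumes the JSON shape of an ARM resource (settings nested under `properties`) or the flattened output of `az network application-gateway show`; the gateway, frontend and listener names and the resource IDs are constructed sample values.

```python
def _props(obj):
    # ARM templates nest settings under "properties"; CLI "show" output is flattened.
    return obj.get("properties") or obj

def public_frontends(gateway):
    """Names of frontend IP configurations that reference a public IP resource."""
    return [fe.get("name")
            for fe in _props(gateway).get("frontendIPConfigurations", [])
            if _props(fe).get("publicIPAddress")]

def listeners_on_public(gateway):
    """Names of HTTP listeners bound to a public frontend."""
    public = set(public_frontends(gateway))
    hits = []
    for listener in _props(gateway).get("httpListeners", []):
        ref = (_props(listener).get("frontendIPConfiguration") or {}).get("id", "")
        if ref.rsplit("/", 1)[-1] in public:
            hits.append(listener.get("name"))
    return hits

def is_private_only(gateway):
    """True when at least one subnet-backed frontend exists and none is public."""
    frontends = _props(gateway).get("frontendIPConfigurations", [])
    has_private = any(_props(fe).get("subnet") for fe in frontends)
    return has_private and not public_frontends(gateway)

# Constructed sample input (placeholder IDs, not real resources).
BASE = "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network"
MIXED = {"name": "appgw-mixed", "properties": {
    "frontendIPConfigurations": [
        {"name": "public-fe", "properties": {
            "publicIPAddress": {"id": BASE + "/publicIPAddresses/<pip>"}}},
        {"name": "private-fe", "properties": {
            "privateIPAddress": "10.0.1.10", "privateIPAllocationMethod": "Static",
            "subnet": {"id": BASE + "/virtualNetworks/<vnet>/subnets/<subnet>"}}}],
    "httpListeners": [
        {"name": "https-internet", "properties": {"frontendIPConfiguration": {
            "id": BASE + "/applicationGateways/appgw-mixed/frontendIPConfigurations/public-fe"}}},
        {"name": "https-internal", "properties": {"frontendIPConfiguration": {
            "id": BASE + "/applicationGateways/appgw-mixed/frontendIPConfigurations/private-fe"}}}]}}
PRIVATE = {"name": "appgw-private", "frontendIPConfigurations": [  # flattened shape
    {"name": "private-fe", "publicIPAddress": None, "privateIPAddress": "10.0.1.11",
     "subnet": {"id": BASE + "/virtualNetworks/<vnet>/subnets/<subnet>"}}],
    "httpListeners": []}

if __name__ == "__main__":
    for gw in (MIXED, PRIVATE):
        print(gw["name"], "private-only:", is_private_only(gw),
              "public frontends:", public_frontends(gw),
              "exposed listeners:", listeners_on_public(gw))
```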