Azure 防火墙：如何将 Internet URL 转换为内部/Intranet URL？

Question

. Answers to this question are eligible for a +50 reputation bounty. Karthikeyan Vijayakumar wants to to this question:

Azure Firewall: How to translate Internet FQDN URL eg: demoweb.demodomain.com to Internal/Intranet URL eg: demoweb.internal.demodomain.com?

I have created the following Vnets

vnet-hub-poc-hubspoke is the Hub Vnet

and both the Vnets are peered as per the HUB-SPOKE model

vnet-hub-poc-hubspoke being a Hub Vnet, it has Azure firewall configured

both the Vnets are connected to Azure Private DNS

Azure Private DNS has a record pointing to the VM deployed on the vnet-prod-poc-hubspoke Vnet

and I could access the FQDN within the internal network

after adding the below rule in Azure Firewall , I could access the website using the firewall public IP

Now, instead of firewall public IP I want to use the domain name like

http://myfirstweb.private.landingzonedomain.com/ (for now, I have updated the hosts file in the client machine pointing to firewall public IP )

what should I do at the azure firewall level so that it would translate Internet URL to Internal/Intranet URL like

http://myfirstweb.private.landingzonedomain.local/

Answer 1

What you want is not possible, because you cannot assign a domain name to your Azure Firewall. What you could do is to create a DNS record at a domain name provider that translates a custom domain to your Azure firewall public IP.

Although I have seen people routing inbound traffic in their vnet, Azure firewall is mainly designed for controlling outbound traffic and traffic flowing between (peered) vnets. When you want to direct inbound traffic to a website or service inside your vnet, you can choose between:

• Application Gateway
• Frontdoor
• Combination of both

All the options above allow you to add custom domains and certificates. On the other hand, when you want to access a virtual machine through rdp or ssh your main options are:

• Bastion host (ie jumpbox)
• VPN
• Cloud Shell