Restrict user to only access cross regional load balancer IP and not child regional load balancer IPs

19015919-007 20 Reputation points
2023-03-07T12:25:37.2733333+00:00

I have a cross-regional LB in the West US region and 2 regional LBs having virtual networks in the East US and North Europe regions. But I want to let an internet user use only the cross-regional LB's IP and not the regional LBs' IPs, i.e. he should not be able to access the regional LB VM's IP address and should only access the cross-regional LB's VM's IP. How do I do that?


Accepted answer
  1. KapilAnanth-MSFT 45,111 Reputation points Microsoft Employee
    2023-03-08T03:27:33.9233333+00:00

    @19015919-007

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know if we can block access to the Regional Load Balancer's IP.

    Please let me know if my understanding is incorrect, as I see you have mentioned you want to restrict access to the regional LB VM's IP.

    Currently, it is not possible to apply NSGs to a public IP associated with a Load Balancer.

    Hence, I am afraid your requirement will not be feasible.

    However, you can consider the below environment to achieve this.

    Kindly let us know if the above helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.


1 additional answer

  1. msrini-MSFT 9,281 Reputation points Microsoft Employee
    2023-03-08T07:50:12.01+00:00

    Hi,

    Azure Load Balancer is a layer 4 load balancer and currently it just does the load balancing by forwarding packets to the destination. I get your ask, but this is not supported as of today. This cannot be restricted using NSG as well. You can restrict this from the source, but this is something which cannot be controlled, as there might be multiple clients from different geographical locations accessing the LB's IP.

    I would suggest you raise a feature ask for Azure Load Balancer.

    As a workaround, you can use Traffic Manager and set Priority rules configured to load balance between the 2 LBs. But again, users can still bypass this by directly accessing the LB's IP.

    If your application is a Web server, we have other products which can help you to achieve this.

    Regards,

    Karthik Srinivas
