This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 42%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
I have currently configured my firewall to limit outbound outbound traffic which is working at the moment but would like to expand this to include inbound traffic as well. We also have, a public Load Balancer which is making it complicated complicated With the firewall in place, I am currently forcing all traffic from the AKS clusters to the Azure Firewall via a Next Hop to its internal IP Address
Any suggestions either for the current implementation or best practise also keeping in mind for future planning would be most helpful
Hi Nick,
I think you will need to change the deployment a bit as Firewall is recommended to be public facing and with a Public IP address to direct the external and internal traffic after scanning and processing the network traffic, ideally like we use to have On-Premise Datacentres Cisco Firewall on the edge network and internal load balancers forwarding and managing the data traffic.
Check this article and recommended setup - https://video2.skills-academy.com/en-us/azure/firewall/integrate-lb
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 93%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
@Nick Diaz - did you look at the getting started tutorial for using an [Azure] Firewall with AKS? Here https://video2.skills-academy.com/en-us/azure/firewall/protect-azure-kubernetes-service this covers steps to setup both egress and ingress via the Firewall
Hi, you can use Azure Firewall's IP as your AKS source IP and dnat traffic to your AKS service. Reference: https://video2.skills-academy.com/en-us/azure/firewall/protect-azure-kubernetes-service#restrict-ingress-traffic-using-azure-firewall . This way you can control both outbound and inbound traffic via Azure Firewall.