NAT Gateway | Internet Gateway | DNAT Gateway

 Internet Gateway:

        By default, all resources/virtual machines will have an internet access because the default routes have a path to internet as below.



 This is the not best practice as we are exposing the azure resource IP to the internet which is a security concern. To access the internet but without exposing the private IP of a resource can be done using NAT gateway(SNAT) or DNAT.

 

NAT Gateway:

        It is otherwise called as Source NAT as this helps to hide the source IP address of a specific instances when it connects to the internet. NAT Gateway will  precedence over Internet gateway.

 

Azure definition is as follows 'A NAT gateway allows you to connect your private resources in a virtual network to the internet without using public IP addresses. It performs source network address translation (SNAT) for outbound traffic by replacing the private source IP address with a public IP address'

 

     This will only allow traffic from internal resource to the outside internet not the vice versa. NAST gateway can be used for various resources like VM, AKS, Azure Functions, App Services, Data Bricks etc.

 

    NAT gateway is a managed services and can have up to 16 public IP addresses. Each IP can support up to 64000 parallel connections(TCP/UDP). Each NAT gateway resource can support up to 50Gbps of inbound and outbound traffic.

 

    Points to be noted:

            - Each VNET/Subnet can have only one NAT gateway

            - Multiple Subnet can have a single NAT gateway or its own NAT gateway

            - But multiple VNET cannot have a same NAT gateway.

 

DNAT:

    Destination NAT helps to hide the destination address in the Azure. This works closely with Azure Firewall services to control the inbound traffic as well.

    

 

 


Comments

Post a Comment

Popular posts from this blog

On-premise Database to Azure Database using DMA (Data Migration Assistant)

Image
Database Migration: In this exercise, we are going to see how to migrate on-premise SQl DB to Azure SQL DB Azure Migrate: Create Azure Migrate project for Databases only. Onprem DB: Name of the on-premise DB is ‘OnpremDB’ ‘MigratefromOnprem’ is the Azure SQL Database.   Install Data Migration Assistant on On-prem server which has full access to SQL DB server. DMA tool helps to conduct the assessment to check the dependency and compatibility. Once done we can run the migration. Create a Project: Check DB compatibility and Feature parity for an assessment Add source DB for an assessment Once assessment is done, upload the assessment to Azure Migrate Project   ‘ Onprem2AzureSQL’ Assessment is now reflected in Azure Migrate project   Create Migration project in DMA: Configure Source and Target SQL DB details Select the target DB where the Source DB will migrate to Select the Source Object to Migrate and generat...
Read more

Entra Connect/Azure AD Connect V2

Image
On-prem AD to Azure AD Synchronization using Azure AD Connect                                 Azure AD Connect is a tool which helps to synchronize the On-premises AD Directory with the Azure AD Directory. I have the following domain in my both On-prem and Azure AD Directory. On-prem AD Domain: topathirazure.online Azure AD Domain: topathirazure.online If the same domain is not found in the Azure AD, all users will get sync’d with the default directory’s primary domain. Below are the users who are part of On-prem AD. I want these users to use the cloud VMs/Applications hosted in Azure Cloud. For that I need to sync the users from On-prem to Azure AD. We cannot Sync Azure AD users to On-prem. Below users are currently available in the Azure AD Tenant. To sync the ...
Read more

Azure File Sync

Image
  Azure File Sync:                                 Azure File Sync enables centralizing your organization's file shares in Azure Files. We can use File sync to migrate the on-premises data to Azure File shares. It's a 2 way synchronization. There are 4 main benefits of using Azure File Sync. 1.Cloud Tiering                 Least accessed data can be moved to cloud. 2. Multi-site access and synchronization                 Azure File Sync is ideal for distributed access scenarios. For each of your offices, you can provision a local Windows Server as part of your Azure File Sync deployment. Changes made to a server in one office automatically sync to the servers in all othe...
Read more