This post has been republished via RSS; it originally appeared at: Azure Global articles.
First published on MSDN on Dec 11, 2018
How's that for a detailed title? Regardless, we have a new Reference Architecture (on the Azure Architecture Center) to announce from AzureCAT Keith Mayer. It was edited by Nanette Ray and Mike Wasson.
This architecture uses two Azure virtual machines to host the NVA firewall in an active-passive configuration that supports automated failover, but it does not require Source Network Address Translation (SNAT). 
The complete solution is available on GitHub:
The GitHub repo offers a JSON template, a PowerShell script, the prerequisites, and full deployment instructions.
This new architecture is one of five related architectures available in that Docs Reference Architecture article. Select the best architecture, based on your needs for resources and configurations:
| Solution | Benefits | Considerations |
| Ingress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and use SNAT Requires a separate set of NVAs for traffic coming from the Internet and from Azure Can only be used for traffic originating outside Azure |
| Egress with layer 7 NVAs | All NVA nodes are active | Requires an NVA that can terminate connections and implements source network address translation (SNAT) |
| Ingress-Egress with layer 7 NVAs | All nodes are active Able to handle traffic originated in Azure |
Requires an NVA that can terminate connections and use SNAT Requires a separate set of NVAs for traffic coming from the Internet and from Azure |
| PIP-UDR switch | Single set of NVAs for all traffic Can handle all traffic (no limit on port rules) |
Active-passive Requires a failover process |
| PIP-UDR without SNAT | Single set of NVAs for all traffic Can handle all traffic (no limit on port rules) Does not require configuring SNAT for inbound requests |
Active-passive Requires a failover process Probing and failover logic run outside the virtual network |
You can find a library of 20+ Reference Architectures on the Azure Architecture Center .
Learn more
- Virtual network traffic routing: Custom routes
- Tutorial: Route network traffic with a route table using the Azure portal
- Azure Functions documentation
- Azure Virtual Network Appliances
AzureCAT Guidance
"Hands-on solutions, with our heads in the Cloud!"