Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

Load Balancing ADFS with WAPs in ARM

Hello Forum,

I have recently started using the new Azure Resource Manager for all my new projects and I've come across an issue where I can't seem to LB the ADFS farm and the WAPs. Here's my setup...

Internal subnet = ADFS servers with a LB and internal private IP on the LB. On-prem users can hit this LB IP via the site-to-site VPN with no issues.

DMZ subnet = WAP servers with a LB and public IP. External users are hitting the public IP and LB is working as expected.

On the WAPs, I can ping the internal subnet but not the LB IP (by design I'm sure). When I add the ADFS server IPs in the WAP host file, SSO works just fine. However, if I have the host file point to the internal LB IP, SSO stops working.

Logically, this does not make sense to me since the DMZ can communicate with any other internal subnet IP. How am I supposed to properly LB this? Adding the ADFS IPs to the host file is not the best practice and in the classic portal, I had no issues.

Also, on the NSG for internal VMs, I have 443 allowed from the DMZ to any VM on the internal subnet.

Thank you,

Jeremy

