We are planning to create a new NSG on the application VM on Azure.
We need to know the following information. Does Cloudflare use any source NAT for the user traffic? If it does, provide us with the public IP.
If you can share the diagram or architecture of the traffic flow, it would help us understand.

Background info…

User IP addresses…

What do you mean by that?

There is no NAT service in a network sense; Cloudflare is a simple reverse proxy service. There is no particular public IP address, but Cloudflare randomly assigns addresses and resolves your domain to them if your domain is using Cloudflare.

If you were asking for the addresses connecting to your server, you’ll find them at IP Ranges.

Do you mean Cloudflare doesn’t have a static IP address?
We are talking about IP address Natting for the user traffic visibility.

What do you mean by static address? The assigned addresses are static in the sense that they won’t change on each request; however, they can still change at any time. You cannot rely on the addresses Cloudflare assigned at any given time.

There is no “natting” in the first place. Cloudflare is a proxy service, so the proxies will front your site.

If you need the guarantee that the address does not change, you will need an Enterprise plan. Reach out to sales for more information.

When the packet reaches the VM on Azure, what will be the source IP?
Would it be the user IP address or the Cloudflare IP address?

Being a proxy, the proxy address of course. I mentioned the list of addresses earlier and sjr posted the article on what to do to get the client address.
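
What the last replies mean at the origin, as an added example that is not part of the thread: the TCP source seen by the VM is the proxy, so a forwarded client address should be accepted only when the peer falls inside the published proxy ranges (the same ranges an NSG inbound rule would allow). The ranges below are constructed placeholders, the function names are hypothetical, and `CF-Connecting-IP` is assumed as the header carrying the client address, since the thread does not name it.

```python
import ipaddress

# Constructed placeholder ranges (documentation networks). In practice, load
# the current list from the IP Ranges page referenced in the thread.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network(cidr)
    for cidr in ("198.51.100.0/24", "2001:db8:100::/48")
]

CLIENT_HEADER = "cf-connecting-ip"  # assumption: header set by the proxy


def is_trusted_proxy(peer_ip):
    """True if the TCP peer address lies inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(
        addr.version == net.version and addr in net
        for net in TRUSTED_PROXY_RANGES
    )


def client_ip(peer_ip, headers):
    """Return (address, source), where source is 'header' or 'peer'.

    The header is honoured only when the connection came from a trusted
    proxy and the value parses as an IP address; otherwise the TCP peer is
    used, so a direct connection cannot spoof its address via the header.
    """
    if not is_trusted_proxy(peer_ip):
        return peer_ip, "peer"
    lowered = {k.lower(): v for k, v in headers.items()}
    candidate = lowered.get(CLIENT_HEADER, "").strip()
    try:
        return str(ipaddress.ip_address(candidate)), "header"
    except ValueError:
        return peer_ip, "peer"


if __name__ == "__main__":
    # Constructed sample connections: (TCP peer, request headers)
    samples = [
        ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.9"}),  # via proxy
        ("192.0.2.50", {"CF-Connecting-IP": "203.0.113.9"}),    # direct, spoofed header
        ("198.51.100.7", {"CF-Connecting-IP": "not-an-ip"}),    # malformed header
    ]
    for peer, hdrs in samples:
        print(peer, "->", client_ip(peer, hdrs))
```

If the NSG admits only the proxy ranges, the "peer" result for a direct connection should never occur at the application, which makes it a useful signal that the rule is missing or too broad.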

