Azure Virtual Machine Firewall

firewall azure virtual-network

I'm not overly familiar with Watchguard, however assuming it only supports a single NIC as you say then first you need capabilities to route traffic to your web applications based on the path or url. If the FW doesn't support this then yes you would need something after the Firewall to handle that routing. Application Gateway is one way to do this with Azure and is probably the simplest approach. You could also look at any other reverse proxy like Nginx etc.

As far as being able to RDP to your VM's, I would look to avoid exposing this to the internet and FW at all. I would recommend looking at using Azure Bastion, which effectively provides a jump box as a service, you can then use this to access all your VM's.

Related

Terraform: Getting the public IP of a Windows vm in Azure
Powershell disable azure subscription
Can VCenter use mac book pros as physical hosts?
How to estimate how long an rsync of 427GB directory comprises of 470k subdirectories and 4476k files would take?
Is it possible to copy data from one Ansible Tower to another?
How to convert and save raw data to PDF format using ansible
Unable to get part of a play to run locally on AWX
Stripping index.html and .html from URLs with nginx
how to keep passwords out of terraform code file
NIC spontaneously switches between 100 and 1000 Mbit [closed]
Moving an AD user account from one domain to another within same forest
kernel reported iSCSI connection 1:0 error (1022-Invalid or unknown error code) state (3) Fed 25/VessRaid/rsnapshot