Dedicated static IP for fully remote workforce? VPN or other?

We have a client wanting us to do some work on their Azure SQL Server and they require a static IP for whitelisting.

The company I manage is a fully remote workforce of around 60 employees. We have no on-prem resources. We don’t have any kind of VPN product. Everything we access is Microsoft 365 and SaaS products.

Only one or two users need to work with this client, but they have dynamically assigned public IPs at home.

I did some research, but I could easily have made a mistake or made assumptions, and I am not experienced in networking, so please feel free to correct me. Do I need a cloud proxy, a VPN, or a Secure Web Gateway? Or are there other alternatives?

I looked at Azure VPN Gateway first, but the price was over $130/month, then paying for egress traffic on top. In theory, this seems right. Users install the Azure VPN Client, connect to our Azure VNET, and egress traffic all routes through the static public IP directly attached to the VPN Gateway. It could be the most expensive solution.

I looked at Zscaler, Cloudflare, and Twingate, but all of them went way over my head. A lot of it sounded like what I needed on the surface, but when I got into the specifics it didn’t. I trialled Twingate, but couldn’t find a way to manage my public IP. Cloudflare offered a secure web gateway, but to get a dedicated IP for egress required an enterprise plan + an add-on.

I looked at NordVPN. They offer a dedicated static IP solution, but it is assigned per user and is limited to 2 devices. This is seeming like the cheapest, simplest and fastest to deploy solution for my current use case. But it’s going to require a shared account (if 2 people need to use it).

I feel like I’ve gone full circle here and would appreciate any additional perspective or options I’m missing, because at this point I’m a bit overwhelmed with information. In summary, I’ve learned that a Secure Web Gateway would be really useful for us as a business, but it doesn’t solve the current problem I’m facing.

I am looking for something similar and was curious what you landed on?

Here are a couple of things I came across.

You can get a Basic Azure VPN if you set it up from the CLI, and it is only $30 a month, but it may be decommissioned at some point in the future. Also, Basic doesn’t support Entra Authentication, only certificate-based.

It sounds like NordLayer can do a single dedicated IP address for a group of people:

https://nordlayer.com/features/dedicated-ip/

I ended up creating the cheapest Ubuntu Azure VM with a directly attached public IP, and installed WireGuard. The VM is shut down when not in use. Cost is under $5/month total. Users install the WireGuard client on their Windows PC and I did the config for them.
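
A minimal WireGuard layout for the setup described in the post above, added here as an illustration and not the poster's actual configuration. The tunnel subnet, UDP port, NIC name `eth0` and every angle-bracket value are assumed placeholders; each user gets their own key pair and `[Peer]` entry, so no credentials are shared.

```ini
# ---- Server: /etc/wireguard/wg0.conf on the Ubuntu VM ----
# Assumed: tunnel subnet 10.8.0.0/24, UDP 51820, outbound NIC eth0.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
# Forward tunnel traffic and NAT it behind the VM's NIC so it leaves Azure
# from the VM's static public IP (the address the client allowlists).
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# One peer per user. Revoking a user means deleting their block.
[Peer]
# user 1
PublicKey = <user1-public-key>
AllowedIPs = 10.8.0.2/32

[Peer]
# user 2
PublicKey = <user2-public-key>
AllowedIPs = 10.8.0.3/32

# ---- Client: user 1's tunnel file on the Windows PC ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <user1-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = <vm-static-public-ip>:51820
# Split tunnel: only traffic to the client's SQL endpoint uses the VM;
# everything else keeps using the home connection.
AllowedIPs = <client-sql-endpoint-ip>/32
# If that address is not stable, route everything through the VM instead:
# AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

On the Azure side, the VM's network security group only needs inbound UDP on the WireGuard port; SSH can stay restricted to the administrator's own access path.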

Ah, if you don’t need it active all of the time that is a great way to do it on the cost side!