Azure Firewall
Hello, Currently i have 3 server with Public IP enabled, and each server have specific rule to allow some ports accessing from internet. What i do is block incoming connection on the NSG. If i have azure firewall, can i block incoming connection from the…
![](https://techprofile.blob.core.windows.net/images/zCxR1gzTUkeGX5-wM6PGoA.png?8DB52A)
![](https://techprofile.blob.core.windows.net/images/lvNaBJBqh0eurOu4q2bQSQ.png?8DA4E8)
Express Route Routing Issues (Azure to On-premises route)
Hi @GitaraniSharma-MSFT - We have performed the same setup from this article https://video2.skills-academy.com/en-us/answers/questions/860533/express-route-and-azure-firewall) We have 2 express route premium circuits (East US & South-Central US) with 3…
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has a S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic comping Azure private link services. My plan was to setup conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
Network Security Groups attached to a NIC
Hi: We are investigating which are the current Effective Security Rules that are applied to a Network Interface(NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API …
Site-2-Site VPN with whitelisted IPs
Dear azure team, I setup S2S VPN from azure to an on-prem infrastructure. The status on azure portal says connected. The tunnels are up on both sides but I am unable to pass traffic through it. Pinging the private IP of the onprem systems is failing.…
Azure Database Access from A Different Virtual Network
Dear Azure Team, I have an azure managed mysql database in virtual network vnet1 and a virtual machine in vnet2. I am unable to get this VM to access the database. I have a hub-spoke architecture with both vnet1 and vnet2 peered with my hub-vnet with…
![](https://techprofile.blob.core.windows.net/images/lvNaBJBqh0eurOu4q2bQSQ.png?8DA4E8)
Express Route and Azure Firewall
We have express route to on-prem and it is working fine. We are in the process of implementing Az Firewall but are having trouble getting the routing right. I know you cannot add routes to the Express Route subnet so how do we force traffic that…
Hub and Spoke architecture traffic flow issue?
We have a hub and spoke architecture environment. We need communication from vm1 from spoke 1 to communicate to vm2 in spoke 2 using hub and azure firewall in hub vnet. We need to establish this connection without using Virtual Network Gateway. We…
Delay after whitelisting an IP address
Hi, I have a github action that builds and deploys a static website into a Azure Storage account. By default the storage account's firewall rules deny incoming connections so I need to whitelist the github runner's current IP for the duration of the…
Azure VM Access to the Internet via Azure Firewall
Dear Azure Team I am very careful to mess around with our firewalls. We have a number of private VMs in a subnet. The subnet is protected by firewall and there is no direct access to the internet. There is one server in this subnet that needs to connect…
Azure firewall backup with logic app
The backup works and it generate json files with few lines as backup file https://techcommunity.microsoft.com/t5/azure-network-security-blog/backup-azure-firewall-and-azure-firewall-policy-with-logic-apps/bc-p/4165254#M383 I see the restore process with…
![](https://techprofile.blob.core.windows.net/images/84eXqZh4KEGayKJ9OOltlQ.png?8DBCF1)
Azure Firewall Session table
Hi Team, If we manage azure firewall policies through azure firewall manager then Is it possible to see traffic/connections/ session table of Azure firewall from firewall manager or from firewall itself ( Like how we can see traffic in Palo Alto or…
Azure Firewall Policy - Policy Analytics Stopped Working Suddenly
As title says, Policy Analytics suddenly stopped working/indexing the logs, so it no longer show traffic, hits etc. Only can see analytics from about 1 week ago and older now. No known changes done in the environment either, I tried to disable the Policy…
![](https://techprofile.blob.core.windows.net/images/8KcaMUYDAkCAZjXuALd-xw.png?8DA6ED)
![](https://techprofile.blob.core.windows.net/images/Nd_pi7-IHkuDC3BVgl0RFQ.png?8D81F2)
Internet intent on Azure firewall
Enabling Internet intent on the security configuration of the vhub immediately blocked RDP access to the on premise resources using public IP address. It will probably block web using natted public IP on prem too. Is there any remediation to it?
![](https://techprofile.blob.core.windows.net/images/Nd_pi7-IHkuDC3BVgl0RFQ.png?8D81F2)
Azure Firewall Outbound DNAT rules
Hi, We are migrating DMZ services to our Azure environment with our Azure premium firewall. I have tested inbound DNAT from an external source without issue. Where we NAT one of the public IP addresses on the Azure firewall to an internal…
Azure firewall policy backup
I was trying this steps manually without the use of script but it appears that this backup does not work on a storage account with the private endpoints.…
Issue with Azure firewall
Hi , I am getting below error in the Azure Firewall when try to update the policies Failed to delete the rule 'rule-2'.application-resources-firewall-chlid-policy Failed with 1 faulted referenced firewalls It is deleted but still getting the error And…
![](https://techprofile.blob.core.windows.net/images/Nd_pi7-IHkuDC3BVgl0RFQ.png?8D81F2)
How to preserve source IP in Azure Firewall
Our requirement is to preserve the source IP even when the traffic flows through the Azure firewall and then reaches the destination server. We should be able to see the source IP in the logs of the destination server instead of Azure firewalls IP as…
![](https://techprofile.blob.core.windows.net/images/lvNaBJBqh0eurOu4q2bQSQ.png?8DA4E8)
Azure Firewall- source IP for ingress traffic
what will be the source IP for ingress traffic from internet on Azure FW. I mean initially request will come from the Internet public IP but once it comes inside the network after passing Azure FW, source IP will be Internet public IP or Firewall private…