Azure AVD Security
Hi, I am looking to set up an AVD environment for 5 remote users, and I am seeking advice on whether I need a firewall or not. The Azure firewall at €914 per month seems excessive. I plan on using Defender for Business which is in Business…
Recommended approach to split logs from Shared Services Hub
Currently we have a Hub and Spoke topology implemented and we do have shared resources like Azure Firewall, API Management and App Gateway, we would like to validate what would be the recommended approach to split those logs into the spokes (Storage…
Questions about Azure Firewall : Number of AZ
Hello, I created an Azure Firewall in February 2022, and I would like to know how many AZs this Firewall works in. I can see in "properties" Azure Firewall, in "Availability zone" : "-" What does it mean? (please,…
Azure firewall rule migration
Can you please advise how to migrate Azure firewall rules from one firewall to another, preferably through the GUI, maybe Firewall Manager? If possible, share some documentation around it.
Azure firewall proxy
Hello, if you have set up several DNS servers behind an Azure Firewall DNS Proxy, for example your own DNS server and Azure DNS, how does the DNS request that goes through the DNS Proxy know where to go? Does the request choose a random DNS server…
How to import Azure Public IP Range JSON to Azure Firewall
Hello, I downloaded the JSON from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=56519 which includes all the Azure public IP addresses. How can I import the file to my Azure firewall configuration? Thanks.…
Azure Firewall and restricting traffic only to Front Door
Is there any way to restrict the Azure Firewall to only accept traffic coming from Azure Front Door? I don't see anything in the network or DNAT rules that allows you to add tags. We have a requirement where we want ALL traffic to come in through Azure…
Azure Firewall in existing Azure subscription
Hi, we have an Azure subscription and the resources under it are all working fine. But we want to implement a firewall as we had an attack from unknown malicious IP addresses. Currently we have ResourcegroupUAT • Network Interface • Virtual…
Update Management in Automation Account doesn't work anymore when vnet is routed to an Azure Firewall
Hi, I have a strange problem and would like to ask for support. I have Update Management scheduled in an Azure Automation Account for Linux and Windows VMs. The Update Management works fine. I have recently created an Azure firewall and routed…
Unable to delete the Azure firewall since my visual studio subscription hit the monthly limit
Hello, I had spun up a firewall instance which used up my monthly credit eventually disabling my subscription. When I try to delete the firewall instance, I end up with the error below. Failed to delete the Azure Firewall 'azfw-vnet-hub-secured'.…
Can't access an Azure virtual machine with SSH
Hello, I have an external Kong that acts as a gateway "http://api.company.fr" to multiple APIs that are on Azure virtual machines; the OS is Debian everywhere. I also have an internal Kong to make the links between the external Kong and…
How to detect external IP while SNAT is turned on?
When traffic is facing my Firewall, both SNAT and DNAT are enabled. SNAT converts the external IP into the FW's IP, so my next hop (WAF) sees the traffic as originated by the FW. For the DNAT, Microsoft supports the following audit: TCP…
Azure: Are there best practices for intrusion detection alerts?
Hey, we are trying to find best practices for our alert-management in Azure. We have a next generation Azure firewall/Application Gateway/WAF and the OWASP rules activated. Now we are trying to create "good" alerts to notify us. Does…
Azure Firewall logs not showing the network rule name
Is there any way to show the network rule name in the output? I have read that this has been added in the preview release and followed the configuration to enable that from the documentation…
Can vNET spoke to vNET spoke traffic be routed through an Azure Firewall deployed into a dedicated security spoke?
I am working on a virtual wan deployment for a client and came across this scenario. The client would like to use vWAN with two hubs in separate Azure regions. There would be various application and identity spokes connected to the virtual hubs. There is…
User requesting remote access to all deployed resources in a virtual network (vnet). What is the best, and most secure, way to allow these IP addresses remote access?
So a user has requested that two IP groups (source) be allowed remote access (ports 22, 3389, 5985, 5986) to resources deployed in a certain VNET. I am trying to figure out the best way to allow this access through. Under the VNet in question, there are…
Outbound NAT on private network through Azure firewall
Hello, I'm currently setting up a new Azure environment and I'm having trouble understanding what the best course of action is here. I have a VNet with 2 subnets, Subnet 1 for Azure firewall and Subnet 2 for Azure VM. I want my VMs to be able…
Can I allow passive FTP ports through Azure Firewall?
Hello, I have a Windows Server on Azure with a FileZilla server installed. This VM is behind an Azure Firewall. To access the FTP server I made a DNAT rule in the Firewall to NAT traffic from the public IP on port 22022 (that I use for FTPS) to…
Locking down Azure App service access to an IP range
I'm trying to secure access to a very simple app running in an Azure App Service. This app accepts HTTP POST requests (HTTPS unavailable) from a vendor and writes the output to Azure Queue Storage. Currently I'm using an inbound traffic restriction…
S2S VPN via a Virtual Gateway and Firewall Route table causing issues
I have an S2S VPN via a Virtual Gateway. The Virtual Gateway is part of the VNET we have our Azure Firewall configured for. The S2S VPN works fine and I can connect to the resources on the On-Premise side of the VPN from an Azure Machine within the…