Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
655 questions
2 answers
Azure AVD Security
Hi I am looking to setup an AVD environment for 5 remote users. and I am seeking advice on whether I need a firewall or not. The Azure firewall at €914 per month seems excessive. I plan on using Defender for buisness which is in Business…
asked 2022-09-29T15:46:31.29+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 54%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Neil Phelan
1
Reputation point
commented 2022-10-03T17:27:19.46+00:00
Andrew Blumhardt
9,856
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Recommended approach to split logs from Shared Services Hub
Currently we have a Hub and Spoke topology implemented and we do have shared resources like Azure Firewall, API Management and App Gateway, we would like to validate what would be the recommended approach to split those logs into the spokes (Storage…
asked 2022-09-20T22:09:41.56+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 42%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELA%3C/text%3E%3C/svg%3E)
Leonardo Alberto Moreira
41
Reputation points
accepted 2022-09-29T17:24:54.31+00:00
Leonardo Alberto Moreira
41
Reputation points
1 answer
Questions about Azure Firewall : Number of AZ
Hello, I created an Azure Firewall since February 2022, i would like to know how many AZ this Firewall works ? i can see in "properties" Azure Firewall, in "Availability zone" : "-" What does it means ? (please,…
asked 2022-09-28T13:36:15.863+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 63%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
LaurentC
1
Reputation point
answered 2022-09-28T15:15:05.703+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
25,846
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure firewall rule migration
Can you please advise how to migrate azure firewall rules from one firewall to another preferably through GUI maybe firewall manager If possible, share some documentation around it
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 60%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
1 answer
Azure firewall proxy
Hello, If you have set up several DNS servers behind an Azure Firewall DNS Proxy. For example your own DNS server and Azure DNS. How does the DNS request that goes through the DNS Proxy know where to go? Does the request choose a random DNS server…
asked 2022-09-16T06:23:56.007+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 32%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Erik
1
Reputation point
answered 2022-09-16T11:32:00.223+00:00
GitaraniSharma-MSFT
49,481
Reputation points Microsoft Employee
2 answers
How to import Azure Public IP Range JSON to Azure Firewall
Hello, I downloaded the JSON from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=56519 which includes all the Azure public ip address. How can I import the file to my Azure firewall configuration? Thanks.…
asked 2022-09-07T09:17:46.463+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 23%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Samuel Cheung
1
Reputation point
commented 2022-09-16T09:35:56.1+00:00
rafalzak
3,221
Reputation points
1 answer
Azure Firewall and restricting traffic only to Front Door
Is there any way to restrict the Azure Firewall to only accept traffic coming from Azure Front Door? I don't see anything in the network or DNAT rules that allows you to add tags? We have requirement where we want ALL traffic to come in through Azure…
asked 2022-09-15T16:00:40.73+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 91%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CS10NET
86
Reputation points
answered 2022-09-15T17:33:08.867+00:00
JimmySalian-2011
42,171
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Firewall in existing Azure subscription
Hi, We have Azure subscription and resources under that is all working fine. But we want to implement firewall as we had an attack from unknown malicious IP addresses. Currently we have ResourcegroupUAT • Network Interface • Virtual…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 73%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Updatemanagement in Automation Account doesn't work anymore when vnet is routed to an Azure Firewall
Hi, I have a strange problem and would like to ask for support. I have an updatemanagement scheduled in an Azure Automation Account for linux and windows VMs. The updatemanagement works fine. I have recently created an Azure firewall and routed…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 9%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZK%3C/text%3E%3C/svg%3E)
2 answers
Unable to delete the Azure firewall since my visual studio subscription hit the monthly limit
Hello, I had spun up a firewall instance which used up my monthly credit eventually disabling my subscription. When I try to delete the firewall instance, I end up with the error below. Failed to delete the Azure Firewall 'azfw-vnet-hub-secured'.…
asked 2022-09-07T12:12:02.783+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 69%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Nowfal Areepurath
1
Reputation point
answered 2022-09-12T12:06:30.137+00:00
Nowfal Areepurath
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Can't access to an azure virtual machine with SSH
Hello, I have an external kong that act has a gateway "http://api.company.fr" to multiples api that are on azure virtual machines, OS is debian everywhere. I have also an internal kong to make the links between the external kong and…
asked 2022-08-29T18:38:21.847+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 70%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
MYRE, Axel
31
Reputation points
commented 2022-08-30T13:47:26.23+00:00
MYRE, Axel
31
Reputation points
0 answers
How to detect external IP while SNAT is turned on?
When traffic is facing my Firewall, both SNAT and DNAT are enabled. SNAT converts the external IP into the FWs IP, so my next hop (WAF) sees the traffic as originated by the FW. For the DNAT, Microsoft supports the following audit: TCP…
asked 2022-08-22T02:52:52.247+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 76%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
HenPorcilan
1
Reputation point
commented 2022-08-29T06:13:16.763+00:00
KapilAnanth-MSFT
44,551
Reputation points Microsoft Employee
1 answer
Azure: Are there best practices for intrusion dectection alerts?
Hey, we are trying to find best practices for our alert-management in Azure. We have a next generation Azure firewall/Application Gateway/WAF and the OWASP rules activated. Now we are trying to create "good" alerts to notify us. Does…
asked 2022-08-24T11:57:13.593+00:00
Frank Schullerer
141
Reputation points
answered 2022-08-24T16:48:41.277+00:00
David Broggy
5,716
Reputation points MVP
1 answer
Azure Firewall logs not showing the network rule name
Is there anyway to show the network rule name in the output I have read that this has been added in the preview release and followed the configuration to enable that from the documentation…
asked 2022-08-04T14:09:31.443+00:00
Atanu Gupta
141
Reputation points
commented 2022-08-23T14:39:41.637+00:00
Atanu Gupta
141
Reputation points
1 answer
Can vNET spoke to vNET spoke traffic be routed through an Azure Firewall deployed into a dedicated security spoke?
I am working on a virtual wan deployment for a client and came across this scenario. The client would like to use vWAN with two hubs in separate Azure regions. There would be various application and identity spokes connected to the virtual hubs. There is…
asked 2022-06-14T23:30:36.633+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 34%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Aaron Rosedale
1
Reputation point
answered 2022-08-09T15:23:28.697+00:00
Joe Carlyle
661
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
User requesting remote access to all deployed resources in a virtual network (vnet). What is the best, and most secure, way to allow these IP addresses remote access?
So a user has requested that two IP groups (source) be allowed remote access (ports 22, 3389, 5985, 5986) to resources deployed in a certain VNET. I am trying to figure out the best way to allow this access through. Under the VNet in question, there are…
asked 2022-08-04T13:49:16.32+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 72%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Nicholas Dunkle
21
Reputation points
accepted 2022-08-04T20:46:50.897+00:00
Nicholas Dunkle
21
Reputation points
4 answers
Outbound NAT on private network through Azure firewall
Hello, I'm currently setting a new azure environment and I'm having troubles to understand what is the best course of action here. I have a Vnet with 2 subnets, Subnet 1 for Azure firewall and Subnet 2 for Azure VM. I want my VMs to be able…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 47%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Can I allow passive FTP ports through Azure Firewall ?
Hello, I have a Windows Server on Azure with a filezilla server installed. This VM is behind an Azure Firewall. To access the FTP server I made a DNAT rule in the Firewall to NAT traffic from the public ip on port 22022 (that I use for FTPS) to…
2 answers
Locking down Azure App service access to an IP range
I'm trying to secure access to a very simple app running in an Azure App Service. This app accepts HTTP POST requests (HTTPS unavailable) from a vendor and writes the output to Azure Queue Storage. Currently I'm using an inbound traffic restriction…
asked 2022-07-21T08:49:08.093+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 12%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Dan Adams
6
Reputation points
answered 2022-07-26T07:01:59.177+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SnehaAgrawal-MSFT
21,346
Reputation points
2 answers
One of the answers was accepted by the question author.
S2S VPN via a Virtual Gateway and Firewall Route table causing issues
I have a S2S VPN via a Virtual Gateway. The Virtual Gateway is part of the VNET we have our Azure Firewall configured for. The S2S VPN works fine and I can connect to the resources on the On-Premise side of the VPN from an Azure Machine within the…
asked 2022-07-22T10:15:50.907+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 38%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
Andy Walsh
56
Reputation points
accepted 2022-07-22T15:23:30.747+00:00
Andy Walsh
56
Reputation points