Multiple public ips are not getting added in Azure FW
Hi, I am trying to add two public ips in Azure FW through power shell command as mentioned in MS documentation. However i could see that the two ips got created in the resource group and when i create the FW with these two ips, it got created…
Azure Virtual VM behind FW and Azure Monitor Log analytics
Hello Experts, I have an Azure FW that's managing inspection and routing for an azure vnet, I have observed that VM logs are not be ingested into the log analytics workspace. My question is there an application rule or FQDNS tag that I need to allow to…
Azure Firewall Network Rules
Hello Experts, Quick question about Azure Firewall network rules...are they stateful? So if I create a network rule that "Allows" RDP into a VM from an On-prem network, is that rule bi-directional (inboud-outbound)?
Azure Firewall and Azure VPN Gateway
Hello experts, Quick question here when setting up Azure VPN Gateway for site to site VPN from On-prem to Azure for S2S connectiing and also using Azure FW for network perimeter filtering and inspection from On-prem to Azure. Now on the Gateway…
Do Azure Firewall at VNet blocks any log analytics workspace data
I have a set of VMs spread across different VNets, these VMs logs data to Log Analytics workspace and these VNets are connected via Hub-Spoke topology. Looking to implement Azure Firewall at Hub to increase the security across my VNet resources. Now I…
TCP Connections dropped after approx 5 mins of inactivity
I have the idle timeout set to 20 minutes. However, tests with a Python TCP client talking to a a Python TCP server using "epoll", give me an issue when the idle time is roughly 5 minutes of inactivity. I loose the last packet sent, and get an…
Firewall rules for SAS URI
Hi, I'm using Microsoft Azure Storage Explorer to upload pst files via SAS URI and import them to the user's mailboxes. Recently we installed the MASE on another server and I'm getting an error - upload failed. In the Firewall we see the following…
Regarding Azure service tags for NSGs/Firewall
I am exploring Azure service tags and I have referred microsoft's official site for this. I have tested the service tag "Internet" using some azure resources, however need further documentation to know how to test service tags like azure load…
Builtin Azure Service that automatically updates the attack signature heuristically ?
Hi Experts, We have the need to secure the Application Gateway and hundreds of API exposed to the Internet as part of our production environment, Using the existing builtin, Azure services, How to make it secure from Unknown Threat or 0-day attack…
View real time firewall logs?
what is the easiest way and/or best viewer to watch your real time network traffic through azure firewall and/or NSG's Log analytics/event hub? any way to just watch the traffic the way you would on a normal firewall with a connection monitor or at…
Ip spoofing attack in AKS
Hello, We are thinking to enable authorized IP ranges in aks to expose service only to my organisation. If we do not add application gateway or maximum we can add the small sku of app gateway then what are the chances that our service is safe from…
Do i need Azure Firewall in Azure Virtual WAN (HUB)
I'm setting up a S2S connection through Azure Virtual WAN with no access to the outside world other than the 2 sites and some things within Azure that are not available from the Internet. I'm wundering if i need the Azure Firewall in this setup ?
Azure firewall exclusion not working.
Greetings. I've got two Azure SQL servers/ databases, one for DEV and one for Prod. Each server has the same firewall rules set up. We have a developer that can access DEV w no problem, but cannot access Prod and it throws up the normal "your IP…
Any need of firewall if IP are restricted?
Hello, We are using azure kubernetes service over 443 port. We have enabled the IP range restricted Vnet due to which the services are only accessible from our organization. It is kind of an intranet and nothing is exposed over internet. In addition, a…
Storage Account Firewall Options & Overall Security
I'm going through a stretch of final testing of our Azure environment, and recently, I had to change the firewall settings on the main storage account from Selected Networks to All Networks to allow Automate run books access to files. Still being fairly…
Azure SQL Data Sync fails for bulk data
I'm using Azure Data Sync to synchronize two databases Everything was working fine until a few days ago when I inserted around 30 users in the Hub Database. Since then I'm getting the following error. Sync failed with the exception…
ARM Deployment of IPGroups fails on Update: Conflict
Hello, we are trying to update IPGroups through an ARM deployment, but this fails with "Conflict" on some of the IPGroups. All resources included in the discussion are created via DevOps pipeline and ARM templates. Unfortunately, rerunning a…
Unable to connect to Azure SQL DW & DB via SSMS, SSDT - error 10060
Hi, I'm trying to connect to Azure SQL Data Warehouse via SSMS and SSDT from my local with SQL Authentication and AD universal MFA, but I'm unable to and getting error number 10060 (Connected host failed to respond ). I've added my client IP to…
Cannot bulk load because the file 'container' + file' could not be opened. Operating system error code (null).
I am not sure what is going on with this quation body it keeps nagging that there need to be at least 10 characters inside this body..... Loading a file from the Azure Blob storage should be relatively easy when you are working with a Azure SQL…
Are webservers behind a WAF safe enough to be classed as trusted
Hi, I am after some advise on a hub and spoke design idea. If I have a hub that contains a firewall and a WAF where the WAF is forwarding traffic onto a webserver in a spoke virtual network. Would you then class that web server / virtual network as…