AZFW DNS proxy across virtual wan
I have configured the AZFW policy for DNS proxy to a server that is on-prem, accessible through another virtual hub. My problem is BGP is not advertising the firewall's private address across the vWAN to the other hub. The firewall policy in question…
Routing Azure VPN P2S connection through Azure Firewall for S2S connection
Hi all, I am setting up an IoT configuration where the devices connect via SIMs to a mobile provider. The mobile provider forwards all traffic through a S2S VPN connection. Using a route table I am able to forward all traffic to an Azure Firewall. The…
Azure VWAN traffic between source and destination worked in HUB but did not work when the hub became secure with Azure Firewall.
Hi Experts, Please see the attached ENV diagram; when the VWAN does not have a firewall, traffic from siteA to App01 works, and vice versa; however, once the firewall is installed in the HUB with the allow all FW policy, communication from siteA to App01…
Azure Firewall Application Rules - "MSSQL" not available in Rule Collection Groups
Hi, Working on an IaC project for Azure Firewall. Have created Azure Firewall, Azure Firewall Policy and working on implementing rules using Rule Collection Groups modules. In the Portal, Application Groups support protocol type "http",…
Configuration of an external firewall + ExpressRoute
Hello Community, I read a few threads here in the forum about a similar case, but the answer wasn't 100 percent clear to me. The following structure: I have an ExpressRoute via a VPN gateway in Azure, which is connected to OnPrem. An NVA (not from…
Realtime bandwidth monitoring
Hello, are there any tools to monitor Azure virtual network, virtual network gateway and Azure Firewall bandwidth in real time? Usually in the on-prem environment we can do this by configuring the SNMP agent on the devices and we monitor the utilization on…
Azure Firewall inbound
Hello, I have a VM with a public IP enabled for RDP purposes, let's say the public IP is 2.2.2.2. This VM is associated with an NSG group allowing the RDP port, and I test from my workstation by RDP to 2.2.2.2 and it's working. Then I associate this subnet to the…
How to disable Azure Firewall from displaying that the traffic was denied
I have worked with multiple firewall vendors. Most firewalls allow the following actions: Allow, Deny, Drop. Allow is obvious. A Deny rule denies the traffic but tells the user the traffic is denied. A Drop rule is where it drops (denies) the traffic but…
How to send traffic from a spoke (hub-and-spoke topology) to a workload behind an NVA present in a 3rd party connected via ExpressRoute which only broadcasts the NVA subnet range
Hi, in my scenario, from an Azure spoke, we are trying to reach a workload, for example (10.129.31.35), present behind an NVA hosted in a 3rd-party system which is connected to the Azure hub VNet via ExpressRoute to Azure and broadcasts only the NVA's subnet range…
Azure Firewall Session table
Hi Team, if we manage Azure Firewall policies through Azure Firewall Manager, then is it possible to see the traffic/connections/session table of Azure Firewall from Firewall Manager or from the firewall itself (like how we can see traffic in Palo Alto or…
Azure firewall restriction - a port must have an unique protocol associated to it
We use azure firewall to monitor all traffic that flows around our hub & spoke azure networks including connections to on-prem services. Some of those on prem services have non standard https ports and we hit a restriction when creating a new…
AZURE FIREWALL - ROUTE
Hello. Please, I would like to better understand the current scenario I am working on. I have a VM that needs external access via public IP, which will also be a domain, this VM hosts a public website. My question: I have another Fortigate Firewall VM,…
Azure Firewall Policy Analytics
Hello, I created some rules in the Azure Firewall, but why in Policy Analytics do all my rules seem to not be hitting? Matching flows and hit count are always 0? The rules are mainly to block and permit access to the internet. The rules are working normally and the…
VPN Site to Site Firewall
Hello, can Azure Firewall manage (allow or deny) IPsec tunnel traffic from on-prem to Azure or vice versa?
MSSQL Azure Firewall
Hello, when we create an application rule, the valid protocols are http, https and mssql. When I fill in http, https and mssql and then submit, why is the mssql port 3306 afterwards and not 1433?
Azure Firewall Rules Order
Hello, I have a Firewall policy like this: In the application rule, I have a rule allowing all VMs to reach Windows Update. In the network rule, I have a rule allowing some VMs access to the internet (for example, host 10.10.10.10 can access the internet, and all…
Missing description field for Azure Firewall Policy Rule Collection Group rules
In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the description field is listed as valid for individual rules:…
How to integrate Azure Firewall and NAT Gateway
Hi, we've set up a hub/spoke in Azure using an Azure Firewall to both control traffic and to allow the spokes to communicate. We want to configure this so that Internet traffic from each of the spokes first hits the firewall just like it would for…
Dedicated subnets
Are there any resources in Azure which require a dedicated subnet other than these: Bastion, Firewall, Application Gateway, Active Directory Domain Services? And why do they require a dedicated subnet? Is it because of the autoscaling feature in them? If so,…
not traffic outbound subnet onpremises
Good day, I have a problem with traffic that is not arriving from Azure Firewall or on-premises. I have the rules complete and configured on the FW and I have also published the segment from the LNGs, but even so, from a VM I cannot reach only…