Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
222 questions
1 answer
AZFW DNS proxy across virtual wan
I have configured the azfw policy for dns proxy to a server that is on-prem accessible through another virtual hub. My problem is bgp is not advertising the firewall's private address across the vwan to the other hub. The firewall policy in question…
asked 2024-08-28T12:33:32.5633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 33%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Mark Davis
20
Reputation points
answered 2024-08-28T20:57:12.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
11,361
Reputation points
0 answers
Routing Azure VPN P2S connection through Azure Firewall for S2S connection
Hi all, I am setting up an IoT configuration where the devices connect via SIMs to a mobile provider. The mobile provider forwards all traffic through a S2S VPN connection. Using a route table I am able to forward all traffic to an Azure Firewall. The…
asked 2024-08-26T14:15:50.89+00:00
Bas Pruijn
951
Reputation points
commented 2024-08-26T23:04:55.0233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
26,206
Reputation points Microsoft Employee
1 answer
Azure VWAN traffic between source and destination worked in HUB but did not work when the hub became secure with Azure Firewall.
Hi Experts, Please see the attached ENV diagram; when the VWAN does not have a firewall, traffic from siteA to App01 works, and vice versa; however, once the firewall is installed in the HUB with the allow all FW policy, communication from siteA to App01…
asked 2024-08-25T15:26:29.53+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 18%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Veera
260
Reputation points
answered 2024-08-26T13:41:16.2233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati
960
Reputation points Microsoft Vendor
1 answer
Azure Firewall Application Rules - "MSSQL" not available in Rule Collection Groups
Hi, Working on a IaC project for Azure Firewall. Have created Azure Firewall, Azure Firewall Policy and working on implementing rules using Rule Collection Groups modules. In the Portal, Application Groups support protocol type "http",…
asked 2024-08-16T15:28:26.0766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 44%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETY%3C/text%3E%3C/svg%3E)
Tarjei Ylvisåker
56
Reputation points
commented 2024-08-26T08:04:03.69+00:00
KapilAnanth-MSFT
46,096
Reputation points Microsoft Employee
1 answer
Configuration of an external firewall + ExpressRoute
Hello Community, I read a few threads here in the forum about a similar case, but the answer wasn't 100 percent clear to me. The following structure: I have an ExpressRoute via a VPN gateway in Azure, which is connected to OnPrem. An NVA (not from…
asked 2023-09-19T06:16:27.5466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 46%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
Philipp Gerber
271
Reputation points
commented 2024-08-26T06:39:02.0166667+00:00
KapilAnanth-MSFT
46,096
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
realtime bandwith monitoring
hello, Is there any tools to monitor azure virtual network, virtual network gateway and azure firewall bandwidth in realtime? Usually in the onprem environment we can do this by configuring the snmp agent on the devices and we monitor the utilization on…
asked 2024-08-22T03:37:25.8466667+00:00
Handian Sudianto
4,981
Reputation points
accepted 2024-08-26T01:06:54.2866667+00:00
Handian Sudianto
4,981
Reputation points
1 answer
Azure Firewall inbound
Hello, I have VM with public ip enabled for RDP purpose, let say the public ip is 2.2.2.2. This VM associated with NSG group to allowing the RDP port and i test from my workstation by RDP to 2.2.2.2 and it's working. Then i associate this subnet to the…
asked 2024-08-23T01:08:37.2366667+00:00
Handian Sudianto
4,981
Reputation points
commented 2024-08-24T07:59:12.67+00:00
Andreas Baumgarten
110.4K
Reputation points MVP
1 answer
How disable Azure firewall from displaying that the traffic was denied
I have worked with multiple firewall vendors. Most firewall allow the following actions: Allow Deny Drop Allow is obvious. Deny rule denies the traffic but tells the user the traffic is denied. Drop rule is where it drops (denies) the traffic but…
asked 2024-08-12T18:34:26.04+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 66%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Jason Mott
0
Reputation points
commented 2024-08-22T09:00:41.4833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota
680
Reputation points Microsoft Vendor
1 answer
How to send traffic from a spoc (Hub and Spoc topology) to workload behind NVA present in 3rd party connected via Express route which only broadcast the NVA subnet range
Hi, In my scenario - From Azure Spoc, we are trying to reach workload for example (10.129.31.35) present behind a NVA hosted in a 3rd party system which is connected to Azure Hub vnet via Express route to Azure and broad cast only NVA's subnet range…
asked 2024-08-20T16:57:44.2966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 59%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Mukherjee, Aniket
0
Reputation points
answered 2024-08-22T03:01:14.7866667+00:00
ChaitanyaNaykodi-MSFT
26,206
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Firewall Session table
Hi Team, If we manage azure firewall policies through azure firewall manager then Is it possible to see traffic/connections/ session table of Azure firewall from firewall manager or from firewall itself ( Like how we can see traffic in Palo Alto or…
asked 2024-06-13T12:28:20.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 67%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Siddhesh Rane
61
Reputation points
accepted 2024-08-21T04:29:32.9666667+00:00
Siddhesh Rane
61
Reputation points
1 answer
Azure firewall restriction - a port must have an unique protocol associated to it
We use azure firewall to monitor all traffic that flows around our hub & spoke azure networks including connections to on-prem services. Some of those on prem services have non standard https ports and we hit a restriction when creating a new…
asked 2024-08-20T14:17:28.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 20%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Burgess, Simon
0
Reputation points
answered 2024-08-21T04:28:36.5166667+00:00
ChaitanyaNaykodi-MSFT
26,206
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
AZURE FIREWALL - ROUTE
Hello. Please, I would like to better understand the current scenario I am working on. I have a VM that needs external access via public IP, which will also be a domain, this VM hosts a public website. My question: I have another Fortigate Firewall VM,…
asked 2024-08-19T11:32:02.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 8%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Gabriel Moraes
370
Reputation points
accepted 2024-08-20T10:15:22.91+00:00
Gabriel Moraes
370
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Firewall Policy Analytics
Hello, I create some rule in the azure firewall, but why on the policy analytics seem all my rule is not hitting? Matching flows and hit count always 0? The rule mainly is to block and permit access to the internet. The rule is working normally and the…
asked 2024-08-19T07:53:46.7133333+00:00
Handian Sudianto
4,981
Reputation points
accepted 2024-08-20T04:24:20.8033333+00:00
Handian Sudianto
4,981
Reputation points
1 answer
One of the answers was accepted by the question author.
VPN Site to Site Firewall
Hello, Can azure firewall managing traffic (allow or deny) ipsec tunnel from on-prem to azure or vice versa?
asked 2024-08-19T03:07:19.14+00:00
Handian Sudianto
4,981
Reputation points
accepted 2024-08-20T00:50:14.9133333+00:00
Handian Sudianto
4,981
Reputation points
1 answer
One of the answers was accepted by the question author.
MSSQL Azure Firewall
Hello, When we create application rule, the valid protocol is http, https and mssql. When i fill http, https and mssql then i submit, why after that the mssql port is 3306 and not 1433?
asked 2024-08-16T02:24:57.79+00:00
Handian Sudianto
4,981
Reputation points
accepted 2024-08-20T00:25:01.74+00:00
Handian Sudianto
4,981
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Firewall Rules Order
Hello, I have Firewall policy like this : In the application rule, i have rule to allowing all VMs to windows update In the network rule, i have rule to allowing some VMs access to the internet (example host 10.10.10.10 can access to internet, and all…
asked 2024-08-15T02:14:47.78+00:00
Handian Sudianto
4,981
Reputation points
accepted 2024-08-19T06:36:00.3966667+00:00
Handian Sudianto
4,981
Reputation points
1 answer
One of the answers was accepted by the question author.
Missing description field for Azure Firewall Policy Rule Collection Group rules
In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the description field is listed as valid for individual rules:…
asked 2022-10-03T18:06:51.19+00:00
Mats Estensen
46
Reputation points
commented 2024-08-19T06:20:58.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Edgar Dockus
0
Reputation points
1 answer
How to integrate Azure Firewall and NAT Gateway
Hi, we've set up a hub/spoke in Azure using an Azure Firewall to both control traffic and to allow the spokes to communicate. We want to configure this so that Internet traffic from each of the spokes first hits the firewall just like it would for…
asked 2024-08-15T13:50:59.65+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 12%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Richard Duane Wolford Jr
221
Reputation points
answered 2024-08-17T04:11:39.2333333+00:00
ChaitanyaNaykodi-MSFT
26,206
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Dedicated subnets
Are there any resources in the azure which requires dedicated subnet other than these:- Bastion,Firewall,Application Gateway,Active directory domain services. And why they require dedicated subnet? since because of autoscaling feature in them? If so,…
asked 2023-01-18T14:53:56.2633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 49%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Manchukonda Kranthi Kumar
131
Reputation points
commented 2024-08-16T22:16:55.45+00:00
Ingo Jobling
11
Reputation points
1 answer
not traffic outbound subnet onpremises
Buen dia Tengo un inconveniente con una trafico que no esta llegando desde Azure Firewall o Onpremises, tengo las reglas completas y configuradas desde el FW y tambien tengo publicado el segmento desde las LNG, pero aun asi desde una VM no llego solo a…
asked 2024-08-15T02:04:20.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 7.000000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJF%3C/text%3E%3C/svg%3E)
JUAN FERNANDO SILVA PEREZ
0
Reputation points
answered 2024-08-16T18:21:20.68+00:00
ChaitanyaNaykodi-MSFT
26,206
Reputation points Microsoft Employee