Traffic not flowing via azure firewall when using site to site vpn
I have created a site-to-site connection between AWS and Azure. In Azure, I have a firewall in place. When the gateway connection is established, traffic is not flowing through the Azure firewall. However, when the gateway connection is disconnected or…
How do I run a pcap on Azure Firewall?
I am trying to build a non Meraki VPN tunnel to a Meraki vMX appliance that sits behind an Azure Firewall. I suspect that I am missing a Network or DNAT rule to allow interresting traffic. I need visibility on the traffic flow to understand why traffic…
azure.core.exceptions.ServiceResponseError while uploading/retriving the data from Cosmos
While I am trying to access the Azure Cosmos, throug my Microsoft 365 cloud PC using Python I am getting the following error while retrieving/uploading into the container. **azure.core.exceptions.ServiceResponseError: ('Connection aborted.',…
Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production?
Can I temporarily enable Azure Firewall on a demo environment for testing, and then remove it to stop incurring firewall costs once I apply the configuration to production? Does Azure Firewall incur costs for just being applied to a subnet or VNet, or…
Difficulty Identifying Edited Rules in Azure Firewall Logs via KQL
Hello, community! I'm having trouble identifying specific changes to Azure Firewall rules through KQL (Kusto Query Language). After modifying certain firewall rules, I can see that edits have occurred through the firewall’s logs tab (where it shows a…
When to use Azure WAF or Azure Firewall ?
Hi Folks, Can anyone here please share some thoughts and comments of when to use Azure WAF or Azure Firewall? I have already existing Azure ExpressRoute so my Azure VMs can ping my OnPremise servers, and vice versa. My purpose here is to be able to…
Site-2-Site VPN configuration between 2 virtual WAN HUB from different subscription
Hi, I am trying to setup the Site-2-Site VPN between 2 hubs belongs to different subscription. While I was setting up the Site-2-Site VPN my VPN gateway failed and now all other VPN connection are showing in failed condition. I reset the Virtual VPN…
Azure VWAN traffic between source and destination worked in HUB but did not work when the hub became secure with Azure Firewall.
Hi Experts, Please see the attached ENV diagram; when the VWAN does not have a firewall, traffic from siteA to App01 works, and vice versa; however, once the firewall is installed in the HUB with the allow all FW policy, communication from siteA to App01…
Azure Firewall Session table
Hi Team, If we manage azure firewall policies through azure firewall manager then Is it possible to see traffic/connections/ session table of Azure firewall from firewall manager or from firewall itself ( Like how we can see traffic in Palo Alto or…
Missing description field for Azure Firewall Policy Rule Collection Group rules
In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the description field is listed as valid for individual rules:…
Protocol and Port ranges for allow Logic Apps IP
We got the notification about the Logc Apps IP addresses that will need updating by Nov 12th. It doesn't specify any protocol or port ranges on the required IPs that need to be added. Can anyone clarify for me if they have to be any/any or we can limit…
Best Methods for Diagnosing Azure Hosted Web App Communication Issues by Adjusting or Disabling Firewall Settings
Hi community, For a web app on Azure constructed using various Azure services, the design typically blocks a lot of communication for security reasons. However, to diagnose issues, it's necessary to allow inbound and outbound communication. I am…
Internet Routing via Azure Firewall
Hell All. We have a hub and spoke set up within Azure, within our hub resides our azure firewall and a express route gateway. The hub has 2 spoke vnets peered, each subnet within the peered vnet, has a UDR with a entry 0.0.0.0/0 pointing to the private…
Azure Firewall DNS
Hi, in our existing Azure Firewall configuration, under DNS, we have the DNS servers enabled with the default Azure provided DNS and the DNS proxy disabled. For all our other resources in Azure, we have 2 Azure domain controllers and these are also the…
How to preserve source IP in Azure Firewall
Our requirement is to preserve the source IP even when the traffic flows through the Azure firewall and then reaches the destination server. We should be able to see the source IP in the logs of the destination server instead of Azure firewalls IP as…
Update of Azure Firewall Policies failes - faulted referenced firewalls
Hi all, I try to create a Firewall (vWAN Secured Hub) using an ARM Template (actually as part of a blueprint). The initial deployment works like a charm. But when I try to update the blueprint assignment and thus triggering a new deployment I get…
Filtering EAST-WEST Traffic - Azure Firewall
Does azure firewall support east-west traffic filtering or it should only be used for north-south traffic filtering. In some doc I read for inbound http & https we need to use web application firewall.(Application gateway)
Option to use existing Azurefirewall to secure an existing hub
I am trying to secure vWAN hub with existing Azure firewall but there is an only an option to link Firewall policy from hub -firewall - security hub. When I link the existing policy it creates and new firewall and error out the policy cannot be linked…
azure firewall rule collection vs rules
azure firewall rule collection vs rules how determine the collection of rules. How to plan collection? Can I keep all ADDS collection group e.g. with inbound rules for client, outbound /inbound for DC to DC rules, inbound for management and reporting…
How to get all firewall rules across multiple subscriptions and multiple RG's with all the properties via Azures Resource Graph?
Hi, We are looking for some help with proper formulation of a query that would give us all firewall rules with all properties . We have multiple firewall both with classic rules and firewall policy ones as well spread across multiple subscriptions.