Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
709 questions
0 answers
Guidance Needed for Configuring Azure Firewall for Outbound Traffic Control
Hi Experts, We currently have a setup with one HUB VNet and five Spoke VNets, all of which are peered. Additionally, there is a Site-to-Site (S2S) connection established between our on-premises network and Azure. The five Spoke VNets host multiple VMs…
asked 2025-01-15T03:53:26.1433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 69%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
veerabose chandran
260
Reputation points
asked 2025-01-15T03:53:26.1433333+00:00
veerabose chandran
260
Reputation points
0 answers
Guidance Needed for Configuring Azure Firewall for Outbound Traffic Control
Hi Experts, We currently have a setup with one HUB VNet and five Spoke VNets, all of which are peered. Additionally, there is a Site-to-Site (S2S) connection established between our on-premises network and Azure. The five Spoke VNets host multiple VMs…
asked 2025-01-15T03:52:18.3233333+00:00
veerabose chandran
260
Reputation points
asked 2025-01-15T03:52:18.3233333+00:00
veerabose chandran
260
Reputation points
0 answers
I am unable to view service tags while adding a network rule in Azure Firewall.
Title Unable to View Service Tags When Adding a Network Rule in Azure Firewall Details I am unable to view service tags while adding a network rule in Azure Firewall. I am selecting the Destination type as Service Tag, but I can only see Office 365…
asked 2025-01-08T17:40:27.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Sayyad, Altamash Salim (Cognizant)
0
Reputation points
commented 2025-01-15T01:21:47.33+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota
1,780
Reputation points Microsoft Vendor
1 answer
Config Azure Firewall DNS for private endpoint without using Azure Private Resolver
Hello, Lately I config a system like below Here is some description: We have 3 Vnet: VNet test (172.22.0.0/16). Inside this subnet, I set up a subnet(172.22.0.0/24) and a VM test inside this subnet VNet Hub (10.18.0.0/16): inside this subnet I config…
asked 2025-01-07T13:29:49.1366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 59%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
lucas
25
Reputation points
commented 2025-01-13T16:12:30.0233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati
2,900
Reputation points Microsoft Vendor
0 answers
How to allow outbound web traffic only
Hello, I have setup an Azure Firewall and routes to control all traffic via the Azure Firewall. The firewall is deploy in the Hub and attached to an Express route circuit (Hub/Spoke) Additionally I have setup a rule collection group with the priority…
asked 2025-01-10T08:47:53.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 16%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
ADM Stawik, Lukas
0
Reputation points
commented 2025-01-13T08:38:38.45+00:00
Ganesh Patapati
2,900
Reputation points Microsoft Vendor
1 answer
Azure Firewall DNS Proxy Failing to Resolve SCM Records in Private DNS Zones
I have a hub-and-spoke architecture in Azure where I'm using Azure Firewall in the hub as a DNS proxy. I have multiple private DNS zones configured in the hub and have established VNet links to my spoke networks. I've also added A records for my function…
asked 2024-12-19T16:24:15.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 16%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Sagar Baghel
10
Reputation points
commented 2025-01-10T11:47:20.1766667+00:00
Ganesh Patapati
2,900
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure Firewall Policy Analytics: "Rules with low utilization" 60/90 day time period
I have the following issue with Policy Analytics: When viewing 'Rules with low utilization' I want to change the time period to 90 days (using the cog in upper right of the pane), but the options for 60 and 90 days are greyed out. I can only select 30…
asked 2024-11-19T09:43:35.1533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 46%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Robbert K
21
Reputation points
commented 2025-01-09T11:19:07.5366667+00:00
Ganesh Patapati
2,900
Reputation points Microsoft Vendor
0 answers
Traffic not flowing via azure firewall when using site to site vpn
I have created a site-to-site connection between AWS and Azure. In Azure, I have a firewall in place. When the gateway connection is established, traffic is not flowing through the Azure firewall. However, when the gateway connection is disconnected or…
asked 2024-12-26T17:31:22.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 34%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Anushankar Konduri
0
Reputation points
commented 2025-01-08T01:41:24.1833333+00:00
Rohith Vinnakota
1,780
Reputation points Microsoft Vendor
5 answers
One of the answers was accepted by the question author.
How to get all firewall rules with all the properties via Azures Resource Graph?
Hi, I need help with proper formulation of a query that would give me all firewall rules with all properties so it can be saved as a CSV file. All rules from a particular directory.
asked 2023-03-22T12:59:31.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 62%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Dominika Starostka
20
Reputation points
commented 2025-01-07T13:24:43.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 19%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOD%3C/text%3E%3C/svg%3E)
Oscar de Groot
6
Reputation points
1 answer
One of the answers was accepted by the question author.
Hub, Spoke - S2S VPN Trafice via Azure Firewall
Hello, Recently I have create a system like below image I have config 3 VNET: VNET test(10.19.0.0/16) : in this vnet, I config a subnet(10.19.0.0/24) and a test VM (OS window server 2022) with a public IP named publicIPDev. I want to remote to this…
1 answer
Network latency between Azure Global VNet Peering
Hi Team, I have a scenario below. Users at the East US site access the webpage site1.abc.com which is hosted on a Citrix Netscaler in the Central US region. Users from the East US site connect in multiple ways, through VPN or AVD environment to access…
asked 2024-12-14T13:24:05.3933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 6%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
SHAKIR SHAIKH
0
Reputation points
edited the question 2025-01-07T13:02:41.58+00:00
Prrudram-MSFT
27,576
Reputation points
0 answers
Using Azure Private Resolver with Firewall DNS proxy
Hi, I am currently looking at implementing Azure DNS private resolver (inbound and outbound endpoint subnets) within a hub-and-spoke network with the ultimate goal of resolving DNS to/from an on premise site located down a VPN connection and the spokes…
asked 2024-09-10T10:39:50.1433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEV%3C/text%3E%3C/svg%3E)
Eddie Vincent
105
Reputation points
commented 2024-12-31T04:25:34.4366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Silvia Wibowo
4,941
Reputation points Microsoft Employee
1 answer
connectivity issue over internet via azure firewall
Hi Team, I have a vm A in a vnet (SPOKE) region japan who talks to public ip on internet via azure firewall (HUB). We have a udr default route pointing to Firewall , all traffic to internet goes via azure firewall. We see that VM talks to destination…
asked 2024-12-30T12:00:01.8633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 33%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E5%3C/text%3E%3C/svg%3E)
56789
5
Reputation points
answered 2024-12-30T20:05:15.34+00:00
Rohith Vinnakota
1,780
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic comping Azure private link services. My plan was to setup conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 46%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Firewall turn on
https://zcusa.951200.xyz/en-us/azure/firewall/firewall-faq#how-can-i-stop-and-start-azure-firewall using the instructions awhile back to save $$, we disabled the farewell, now I need to turn it back on. Wanting to stay with this docs by MS. what do i…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 36%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Does traffic from Azure Firewall to Service Tag like Azure Monitor stays on backbone
Hi, I have hosted some containers in Azure which are sending telemetry to Application Insight. We have a firewall in the connectivity hub. All spoke traffic (0.0.0.0/0) is routed to the firewall. So the outbound traffic from container to Application…
asked 2024-12-20T05:28:14.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 19%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER2%3C/text%3E%3C/svg%3E)
RajivBansal-2486
311
Reputation points
accepted 2024-12-24T07:18:49.8366667+00:00
RajivBansal-2486
311
Reputation points
1 answer
One of the answers was accepted by the question author.
Unable to find list of FQDNs/IP Addresses that are part of FQDN and Service Tags on Azure Firewall
We know there are many FQDN tags and Service Tags for Azure firewall, informed in the below articles as well: https://zcusa.951200.xyz/en-us/azure/firewall/fqdn-tags https://zcusa.951200.xyz/en-us/azure/firewall/service-tags However, not able…
asked 2024-12-13T20:41:37.34+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rakesh Singh
310
Reputation points
accepted 2024-12-20T01:29:35.13+00:00
Rakesh Singh
310
Reputation points
1 answer
Do we need to enable Azure firewall threat intelligence protection even if the communication is private via express route circuit
We have hybrid connectivity model setup in our environment where on-premises network is connected to Azure via Express route circuit with private peering enabled. on the Azure firewall policy we have explicitly denied outbound internet connectivity…
asked 2024-12-18T10:54:00.5266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 76%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Mahesh Badgujar
40
Reputation points
commented 2024-12-19T07:01:47.1033333+00:00
KapilAnanth-MSFT
48,331
Reputation points Microsoft Employee
1 answer
AKS Networking with Application Gateway and Azure Firewall
Hello everyone, I am currently implementing a solution in Azure that involves using Azure Kubernetes Service (AKS) as a backend, along with an Application Gateway for incoming traffic. Additionally, I have configured an Azure Firewall to manage outbound…
asked 2024-12-13T13:48:50.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 21%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
krutibasa majhi
0
Reputation points
commented 2024-12-18T09:36:30.8266667+00:00
KapilAnanth-MSFT
48,331
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Can you add a Network rule with "*" in the namespace and an Application rule with port 445 in Azure firewall?
Hi Team, We have a requirement, wherein we have to allow a URL on Azure firewall with following requirement: URL: *.abc.com Port: 445 Now, I cannot create an application rule with port 445 and Network rule doesn't accept "*" in the URL.…
asked 2024-12-13T20:31:11.9566667+00:00
Rakesh Singh
310
Reputation points
accepted 2024-12-17T23:08:47.1933333+00:00
Rakesh Singh
310
Reputation points