How would TLS inspection work with WAF enabled App Gateway and Azure Firewall?
Hi, I have been struggling with this from a while now. Our design has WAF enabled App gateway for incoming HTTP / HTTPS traffic from internet and then have Azure Firewall behind it. Have couple of queries for which I need assistance: 1: Does WAF has…
My network rule that specifically allows access to public SQL MAnaged Instance URL does not appear to work
I have two virtual hosts in my Azure V-NET. The subnet they are are in is connected to a route table that sends 0.0.0.0/0 to the internal IP Address of my Azure Firewall. From these virtual hosts which send traffic through the Azure Firewall I can reach…
How to replace Route Tables by using Azure Route Server?
How do I setup Azure Route Server to replace Route Tables that route traffic to an Azure Firewall instance? We have a hybrid setup and our on-premise location is connected to our Azure environment via Express Route. We have an Azure Network Gateway (type…
Azure Firewall change public IP
Recently Azure have made their public IP addresses zone redundant by default: https://azure.microsoft.com/en-us/blog/azure-public-ips-are-now-zone-redundant-by-default/ With basic public IP addresses being retired next year I need to remove mine from as…
Does Azure Firewall support BGP?
Does Azure Firewall support BGP? I am looking into Azure Route Server to replace the route tables which we now deploy with each (spoke) vnet. I read an article stating that Azure Firewall does not support BGP, so using ARS in combination with AFW would…
When I send traffic to the firewall, my host cannot reach any powerapps
I have virtual hosts in Azure Commercial West US 2 region and Powerapps running in the Azure GCC environment. All Powerapps run just fine when I do not send any traffic (0.0.0.0/0) through the Azure Firewall. However as soon as I send traffic through…
Azure Storage Account - Public Access via Azure Front Door Endpoint - Firewall Setting
Hi, I have a storage account static website being accessed via Azure FrontDoor. It works well with "Public network access" option set to "Enabled from all networks". If I set it to "Enabled from selected VNETs and IPs" I'll…
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has a S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
On-premises expressroute BGP is advertising 0.0.0.0/0 and using Azure Firewall to control traffic (including internet)
hi My environment is an on-premises expressroute BGP is advertising 0.0.0.0/0. I want to use Azure Firewall to control all traffic (including internet). See and discuss the architecture picture attached below. My guess is that we need to send the route…
When I send traffic to the firewall, my host cannot reach any powerapps
I have a Firewall Policy that has several Network and Application Rulesets. The host2 I'm having problems from are 10.0.3.6 , 10.0.3.8 and 10.0.5.4 on different subnets. I have IP Groups setup for the 10.0.3.* and the 10.0.5.* hosts. In my Network…
Azure Hub Network with NVA and azure firewall and routing between VPN and Express route gateway through firewalls
Hi Team, I have attached the network diagram, Here is set up. There is HUB and Spoke topology with NVA. All traffic between on-premise and azure spoke is passing through NVA Third party location is connected through SDWAN VM over internet. SDWAN VM is…
Hub and two Spoke vnets with AFW in Hub and traffic from Expressroute
Hello, I have got problem with not going traffic via Azure Firewall from ExpressRoute to one of two spoke vnets(I don't see any traffic on Firewall logs but I can see traffic with tcpdump on VM in spoke). Traffic to on-prem via ExpressRoute works fine…
Azure firewall behavior if instances misbehave
Hello , I know the fact that Azure firewall starts with two virtual machines, just asking what the behavior will be if at the same the two virtual machines for some reason are not functioning properly?
going with the application gateway in fornt of azure firewall does it lose the benefit of l7 load balancing
I have an Azure firewall in a hub and spoke architecture, and one of the spokes contains my web servers, for HTTPS filtering I have an application gateway with the WAF feature and l7 load balancing. I have a requirement to keep centralized security…
VNETs in different subscriptions not communicating with Azure Firewall
Having a head scratcher. Layout: Subscription 1: Includes: VNET A, VPN Gateway to Data Center, Firewall with Policy. Subscription 2: Includes: VNET B, computer Resources Spinning up a VM in VNET A I can communicate out and to the Data Center through the…
Azure Firewall has started NATing random traffic flows between VMs
Our monitoring system found a web site not responding last Saturday morning (24th August). Logs showed that it could no longer talk to its database. The web site is running on a VM -- VM1. The SQL Server is on VM2. They are on different subnets of the…
ICMP Timestamp Request Remote Date Disclosure Details - The remote host answers to an ICMP timestamp request.
how to resolve this or do we have any information if we can restrict on firewall
Azure firewall - Firewall policy under "Policy" section is not showing any "Parent policy".
As a test, we have deployed Azure Firewall in a region. When I access the firewall, it has 2 Firewall policy (1- Policy and 2- Base Policy). My understanding is that Base Policy is considered as a Parent policy and just Policy is considered as a child…
Using Azure Private Resolver with Firewall DNS proxy
Hi, I am currently looking at implementing Azure DNS private resolver (inbound and outbound endpoint subnets) within a hub-and-spoke network with the ultimate goal of resolving DNS to/from an on premise site located down a VPN connection and the spokes…
What are differences between Firewall DNS Proxy and DNS Private Resolver?
I am unsure which to choose Azure Firewall DNS Proxy and DNS Private Resolver as a DNS forwarder. I'd like to know the main differences and practical situations for each.