Azure NSG and Auditing Complexity

Gayatri Ramachandran 1 Reputation point Microsoft Employee
2020-01-27T09:04:36.45+00:00

The NSG rules in Azure are based on IP. How do I use NSG and make it support CDN endpoints or DNS names which have multiple IP addresses? Is it possible in Azure?

Also, auditing is complex with NSG in place, as NSGs use IP addresses and the Azure Policies created are based on DNS for outbound.


3 answers

  1. Vaibhav Chaudhari 38,561 Reputation points
    2020-01-27T09:42:51.9+00:00

    You might not get the answer here, as this forum is for Azure DevTest Labs. Please follow up with the same post on the correct forum:
    https://social.msdn.microsoft.com/Forums/en-US/6e78bc37-dd5d-4b1c-bb9c-0c3eca5ef8e5/azure-nsg-and-auditing-complexity?forum=WAVirtualMachinesVirtualNetwork

    ----------

    If the response helped, do "Mark as answer" and upvote it

    1 person found this answer helpful.

  2. kongou_ae 171 Reputation points
    2020-01-28T14:33:48.36+00:00

    I understand that you want to permit outbound access to the CDN by using FQDN. NSG can't fulfill your request because you can use only IP addresses in an NSG.

    In this scenario, you need to use Azure Firewall or a Network Virtual Appliance. This equipment supports the use of FQDN in its security rules.

    Best regards.

    1 person found this answer helpful.
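
The mismatch raised in the question and in the answer above (IP-based NSG rules versus FQDN-based outbound policy), shown as an added audit sketch that is not part of the thread or of any Azure tooling. The rule fields (`name`, `destination`, `port`), the example FQDNs and all addresses are constructed assumptions, not a real NSG export format.

```python
import ipaddress

# Constructed sample: outbound allow rules as they might be exported from an NSG.
NSG_OUTBOUND_ALLOW = [
    {"name": "allow-cdn", "destination": "203.0.113.0/28", "port": 443},
    {"name": "allow-api", "destination": "198.51.100.7/32", "port": 443},
    {"name": "allow-old", "destination": "192.0.2.10/32", "port": 443},
]

# Constructed sample: FQDNs named by the outbound policy, with the addresses they
# resolved to at audit time (in practice taken from DNS logs or a resolver).
RESOLVED = {
    "cdn.example.com": ["203.0.113.5", "203.0.113.9", "203.0.113.40"],
    "api.example.com": ["198.51.100.7"],
}


def audit(rules, resolved, port=443):
    """For each FQDN: which NSG rules cover it, and which resolved IPs no rule covers."""
    nets = [(r["name"], ipaddress.ip_network(r["destination"]))
            for r in rules if r["port"] == port]
    report = {}
    for fqdn, addrs in resolved.items():
        covering, uncovered = set(), []
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            hits = [name for name, net in nets if ip in net]
            if hits:
                covering.update(hits)
            else:
                uncovered.append(addr)
        report[fqdn] = {"rules": sorted(covering), "uncovered": uncovered}
    return report


def unmapped_rules(rules, report):
    """NSG rules that no policy FQDN currently resolves into (stale or undocumented)."""
    used = {name for entry in report.values() for name in entry["rules"]}
    return [r["name"] for r in rules if r["name"] not in used]


if __name__ == "__main__":
    result = audit(NSG_OUTBOUND_ALLOW, RESOLVED)
    for fqdn, entry in result.items():
        print(fqdn, "rules:", entry["rules"], "uncovered:", entry["uncovered"])
    print("rules with no FQDN:", unmapped_rules(NSG_OUTBOUND_ALLOW, result))
```

An address in `uncovered` is one the CDN name resolves to that the IP-based rules would block, and a rule returned by `unmapped_rules` is an allow entry the FQDN-based policy can no longer account for.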

  3. Gayatri Ramachandran 1 Reputation point Microsoft Employee
    2020-01-28T05:43:01.25+00:00

    Thanks, Vaibhav.
    Actually, none of the other tags were suited to this question; I had to choose one.
