Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
669 questions
1 answer
Azure firewall logging traffic in a hub-and-spoke network
Hi, A similar sort of setup and query to this thread here, however I have a more specific question: https://learn.microsoft.com/en-us/answers/questions/1322184/azure-firewall-traffic-logging-for-route-based-vpn We have Azure Firewall logging all traffic…
asked 2024-10-17T14:27:45.68+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEV%3C/text%3E%3C/svg%3E)
Eddie Vincent
0
Reputation points
commented 2024-10-18T18:10:44.6166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota
605
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
Azure Firewall rule limits
Hello, In our environment it is expected to reach the rule limits (20,000 unique source/destinations in network rules) and i know if i exceeded the limits this might impact my performance. Now i need to know what my options will be if i need more rules…
asked 2024-10-10T11:57:30.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 71%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Tarek Metwally
40
Reputation points
accepted 2024-10-18T12:38:39.55+00:00
Tarek Metwally
40
Reputation points
0 answers
How to Setup Azure OpenAI for Databricks running into error Error code: 403 - {'error': {'code': '403', 'message': 'Access denied due to Virtual Network/Firewall rules.'}}
After creating a new resource for Azure OpenAI service , We ran into this error not able to access OpenAI via api_key and endpoint (private) due to the error message indicates that access is denied due to Virtual Network/Firewall rules. How can we…
asked 2024-10-16T18:18:51.8966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 50%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETK%3C/text%3E%3C/svg%3E)
TANAPAT KLOMJIT
0
Reputation points
commented 2024-10-17T04:06:09.4066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
26,201
Reputation points Microsoft Employee
0 answers
How do I configure an inbound NAT rule in Azure Firewall to point at an Azure Container App?
The instructions to filter inbound traffic uses a Virtual Machine with a private IP address. If I set up a Container Apps Environment with a subnet and a Container App with VNet only ingress, the Container App replica doesn't have a private IP available.…
asked 2024-10-14T15:43:46.87+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 0%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Christopher Febles
0
Reputation points
commented 2024-10-16T16:29:51.59+00:00
Christopher Febles
0
Reputation points
0 answers
Azure routing to Palo Alto CNGFWs
Having issues where our Panorama instance in UK South is not able to reach our Palo Alto Cloud Next Gen Firewalls in UK West. Not sure why the devices are not able to communicate, any help?
asked 2024-10-09T08:16:33.7666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 2%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nana Poku
40
Reputation points
commented 2024-10-15T16:11:38.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati
810
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure Firewall - Denied DNAT Traffic
Hi, I have structured logs enabled on our Azure firewall which is logging everything minus the fat and full flow logs. Is there a way to see all IP addresses trying to connect to our public IPs on the firewall which are members of DNAT rules? We are…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
1 answer
How to block Outbound internet access for Azure VM
Hello, I have created a VM and added UDR route table for the VM subnet to route traffic to Azure Firewall appliance and created a Network rule on Azure firewall to block Internet access. But still I can see VM has internet access.
asked 2024-10-09T13:24:28.87+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 10%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
Bolenath Gundagani
0
Reputation points
commented 2024-10-14T10:48:51.8633333+00:00
Ganesh Patapati
810
Reputation points Microsoft Vendor
0 answers
Azure Firewall change public IP
Recently Azure have made their public IP addresses zone redundant by default: https://azure.microsoft.com/en-us/blog/azure-public-ips-are-now-zone-redundant-by-default/ With basic public IP addresses being retired next year I need to remove mine from as…
asked 2024-10-01T09:47:17.3333333+00:00
Eddie Vincent
0
Reputation points
commented 2024-10-09T20:05:24.47+00:00
ChaitanyaNaykodi-MSFT
26,201
Reputation points Microsoft Employee
1 answer
My network rule that specifically allows access to public SQL MAnaged Instance URL does not appear to work
I have two virtual hosts in my Azure V-NET. The subnet they are are in is connected to a route table that sends 0.0.0.0/0 to the internal IP Address of my Azure Firewall. From these virtual hosts which send traffic through the Azure Firewall I can reach…
asked 2024-09-25T15:36:33.22+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.999999999999996%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ3%3C/text%3E%3C/svg%3E)
JohnSebastian-3934
421
Reputation points
answered 2024-10-08T14:28:07.0866667+00:00
Ganesh Patapati
810
Reputation points Microsoft Vendor
1 answer
Azure Storage Account - Public Access via Azure Front Door Endpoint - Firewall Setting
Hi, I have a storage account static website being accessed via Azure FrontDoor. It works well with "Public network access" option set to "Enabled from all networks". If I set it to "Enabled from selected VNETs and IPs" I'll…
asked 2024-08-30T14:19:48.2533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 64%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
juni dev
336
Reputation points
commented 2024-10-08T03:31:32.97+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sai Prasanna Sinde (Quadrant Resource LLC)
680
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure firewall behavior if instances misbehave
Hello , I know the fact that Azure firewall starts with two virtual machines, just asking what the behavior will be if at the same the two virtual machines for some reason are not functioning properly?
asked 2024-09-12T11:14:49.2633333+00:00
Tarek Metwally
40
Reputation points
accepted 2024-10-04T16:34:56.2433333+00:00
Tarek Metwally
40
Reputation points
1 answer
One of the answers was accepted by the question author.
When I send traffic to the firewall, my host cannot reach any powerapps
I have a Firewall Policy that has several Network and Application Rulesets. The host2 I'm having problems from are 10.0.3.6 , 10.0.3.8 and 10.0.5.4 on different subnets. I have IP Groups setup for the 10.0.3.* and the 10.0.5.* hosts. In my Network…
asked 2024-09-19T21:28:53.8533333+00:00
JohnSebastian-3934
421
Reputation points
commented 2024-10-04T13:38:04.03+00:00
JohnSebastian-3934
421
Reputation points
1 answer
One of the answers was accepted by the question author.
How to replace Route Tables by using Azure Route Server?
How do I setup Azure Route Server to replace Route Tables that route traffic to an Azure Firewall instance? We have a hybrid setup and our on-premise location is connected to our Azure environment via Express Route. We have an Azure Network Gateway (type…
asked 2024-10-03T07:47:02.21+00:00
Bram vd Klinkenberg
71
Reputation points
accepted 2024-10-04T07:17:00.36+00:00
Bram vd Klinkenberg
71
Reputation points
1 answer
One of the answers was accepted by the question author.
How would TLS inspection work with WAF enabled App Gateway and Azure Firewall?
Hi, I have been struggling with this from a while now. Our design has WAF enabled App gateway for incoming HTTP / HTTPS traffic from internet and then have Azure Firewall behind it. Have couple of queries for which I need assistance: 1: Does WAF has…
asked 2024-09-18T23:33:09.83+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rakesh Singh
205
Reputation points
edited a comment 2024-10-03T19:28:10.1833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 12%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Mail Sa
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Does Azure Firewall support BGP?
Does Azure Firewall support BGP? I am looking into Azure Route Server to replace the route tables which we now deploy with each (spoke) vnet. I read an article stating that Azure Firewall does not support BGP, so using ARS in combination with AFW would…
asked 2024-10-02T12:36:18.5+00:00
Bram vd Klinkenberg
71
Reputation points
accepted 2024-10-02T14:04:52.98+00:00
Bram vd Klinkenberg
71
Reputation points
5 answers
When I send traffic to the firewall, my host cannot reach any powerapps
I have virtual hosts in Azure Commercial West US 2 region and Powerapps running in the Azure GCC environment. All Powerapps run just fine when I do not send any traffic (0.0.0.0/0) through the Azure Firewall. However as soon as I send traffic through…
asked 2024-09-23T13:38:00.8933333+00:00
JohnSebastian-3934
421
Reputation points
answered 2024-09-30T20:19:21.5733333+00:00
JohnSebastian-3934
421
Reputation points
1 answer
One of the answers was accepted by the question author.
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has a S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
asked 2024-07-02T14:29:17.2566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 73%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER1%3C/text%3E%3C/svg%3E)
RahulRana-1085
30
Reputation points
commented 2024-09-29T13:37:23.43+00:00
KapilAnanth-MSFT
46,016
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
On-premises expressroute BGP is advertising 0.0.0.0/0 and using Azure Firewall to control traffic (including internet)
hi My environment is an on-premises expressroute BGP is advertising 0.0.0.0/0. I want to use Azure Firewall to control all traffic (including internet). See and discuss the architecture picture attached below. My guess is that we need to send the route…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 99%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Azure Hub Network with NVA and azure firewall and routing between VPN and Express route gateway through firewalls
Hi Team, I have attached the network diagram, Here is set up. There is HUB and Spoke topology with NVA. All traffic between on-premise and azure spoke is passing through NVA Third party location is connected through SDWAN VM over internet. SDWAN VM is…
asked 2024-08-20T21:58:14.7633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 67%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Siddhesh Rane
61
Reputation points
commented 2024-09-24T19:24:27.5933333+00:00
Siddhesh Rane
61
Reputation points
1 answer
One of the answers was accepted by the question author.
Hub and two Spoke vnets with AFW in Hub and traffic from Expressroute
Hello, I have got problem with not going traffic via Azure Firewall from ExpressRoute to one of two spoke vnets(I don't see any traffic on Firewall logs but I can see traffic with tcpdump on VM in spoke). Traffic to on-prem via ExpressRoute works fine…
asked 2024-09-18T08:55:52.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 15%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Sepski, Krzysztof Antoni
20
Reputation points
accepted 2024-09-24T05:57:34.8333333+00:00
Sepski, Krzysztof Antoni
20
Reputation points