Effect of enabling DNS proxy in Azure Firewall.
My environment has an Azure firewall configured as a shared resource. connection to smpt.office365.com in the above firewall was configured using application firewall rule to port 587, but we are unable to send emails. The plan is to re-configure the…
Rule swap in azure firewall
Hi, Since this week when I perform a Terraform plan against my Azure Firewall, rules are listed in random order in the rule collection and the same goes for rule parameters. If I apply this plan, real changes are done against the firewall which last more…
How would I allow connections from my V-NET hosts to *.azurewebsites.net/*?
I've tried using a Network rule that allows traffic to AppService tag. My clients in the V-NET attempt to connect to something.azurewebsites.net/restofpath So far I just get 403 errors.
Confirm if IDPS in Azure firewall is active when behind Azure Application Gateway WAF
My scenario is: [Internet] -> [Azure AGWAF] -> [Azure Firewall] -> [Load Balancer] -> [App Servers] Azure Firewall is Premium, with IDPS & Threat Intelligence enabled. Inbound HTTPS traffic hits the AGWAF, is (WAF) filtered and then…
What is https://aka.ms/. Why is this firewalled?
Is https://aka.ms/vs/17/release/vs_enterprise.exe safe? I can't access anything from Microsoft anymore because https://aka.ms/ is blocked behind my company firewall. What is https://aka.ms/? Why did Microsoft start putting all MSDN downloads…
NSG - Network security group - How to block traffic
Hi, I have a virtual network and subnet 10.185.23.0/24 in it. There is VM with IP 10.185.23.4. We have domain controllers in seperate Vnet and subnet 10.185.4.0/26. I want to block any outgoing traffic towards one of the domain controller 10.185.4.7…
![](https://techprofile.blob.core.windows.net/images/m5buVEA_QUeJ9P_0vgAtbg.png?8DACCA)
Azure Firewall upgrade and preservation of public IP
Hello! I have a question about upgrading the SKU of Azure Firewall. If I change from Standard to Premium using "Azure Firewall easy upgrade/downgrade", will the public IP that is added to the Secured Virtual Hub still be preserved? Thank you.
Sample Log Analytics queries are just wrong
When I go to logs in the Azure Portal for the Firewall and it drops me into Log Analytics, but the sample queries don't work. This is really poor quality and I don't understand why it's allowed to happen. As a user of the service I shouldn't have to…
Route all outcoming traffic from Azure VM via Azure Firewall to on promise
We are utilizing a Hub and Spoke network topology within our Azure environment and are aiming to establish a network architecture that mirrors this setup. Specifically, we have an Azure VM located in a Spoke (subnet) that is paired with the Hub Vnet…
Azure Firewall TLS inspection fails with handshake failure, alert 40
interCA-old.pfx.txt Hello, I'm trying to setup Azure Firewall with TLS inspection. I cannot get past one problem. Problem: Firewall fails to process rule. Chrome/Edge browser error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH openssl error: $ openssl s_client…
Add o365 rules to Azure Firewall
Hi, I need to add all the necessary Firewall rules for VM's in our Azure estate so they can activate against Microsofts servers. What are the ports/URLs needed for this? And how do I go about implementing into Azure firewall? Kind regards
Azure Firewall I see the
Azure Firewall reports the following problems: Failed to resolve FQDN microsoftmetrics.com. Error lookup microsoftmetrics.com on 127.0.0.53:53: no such host; DNS resolution returned no IPs. It comes from AzureFirewallSubnet subnet. So seems that Azure…
Network configuration to allow communication with new IP addresses for Azure Data Factory
I need to understand what changes are required on NSG and Firewall Perspective for below alert? Recommended action If you're affected, notify your network infrastructure team to update your network configuration to add these new IP addresses by 1 April…
Hosting Django Server in port 8000 and accessing it from ip address
Hello I went to django manage.py runserver 0.0.0.0:8000 which runs server perfectly but i am unable to acess it from azure public ip address as mentioned on both network interface or virtual machine eg: http://
Most cost effective way to secure 2 VMs running a webserver
Hey, I am conducting a project where I will have 2 VMs for redundancy, they will have the same configuration. The VMs will essentially be running docker, portainer and OpenCTI. What is the best way to secure these, there seems to be so many…
Azure Firewall High Latency
I have a firewall setup of standard SKU type what is the recommended latency probe recommended for standard SKU. If it reaches the maximum latency how we can resolve?
How does the ‘Allow public access from any Azure service within Azure to this server’ option in PaaS firewall settings function from a technical perspective?
How does the ‘Allow public access from any Azure service within Azure to this server’ function from a technical perspective? I understand this setting allows all Azure services and other customer resources to connect, but behind the scenes, how is the…
How to route all incoming traffic from on premise via Azure Firewall
I have site to site VPN i created Azure firewall on same virtual network as Gateway. I have Hub and Spoke network topology. I want all the traffic coming from on-premise to be routed through Azure Firewall.
AzureFW HA failure behavior
My customer has a couple of questions around the behavior of AFW in a failure scenario. I have investigated doc’s and Q&A and haven’t found any good answer. Could you please provide some detailed input to the following questions. Scenario: Azure…
Alternative to closing ports used by Azure Virtual Network Gateway
It is to my understanding that Azure Virtual Network Gateway requires some ports to be open for Azure infrastructure communucation and that there was no way to close said ports on the Network Gateway. My question is if there is an alternative or…