Best Methods for Diagnosing Azure Hosted Web App Communication Issues by Adjusting or Disabling Firewall Settings
Hi community, For a web app on Azure constructed using various Azure services, the design typically blocks a lot of communication for security reasons. However, to diagnose issues, it's necessary to allow inbound and outbound communication. I am…
My virtual machine cannot ping public IPs
Hello guys, I need help from everyone, my issue is with the public IP addresses that I cannot ping in my virtual machine. So if anyone can help me with this. I specified that the public IP address of my firewall is what works on my virtual machine but…
Azure WAF is very restricting
Hi. In our Azure config, we have an ApplicationGW+WAF in front of APIM. So all external requests pass through the WAF before routing towards APIM. The WAF (OWASP rules) seems to be very very restrictive. We get a lot of blocked requests due to rule…
Azure Firewall in VWAN Public IP
Hello! I currently have deployed a secured VWAN with an Azure Firewall. I am wanting my P2S VPN to come out as a static IP. I have 1 Public IP allocated to the Azure Firewall. However, I am not sure if these are Static or if they can change without…
Secure App service
We have several app services and it's using access restrictions which lists all the blocked public IPs. However, we want an efficient way to do blocking of IPs, so I'm thinking Azure Firewall will do the trick? Any suggestions? Thanks!
What is the subnet for *.msftauth.net and *.msftauth.net ?
The application under test has multi factor authentication enabled. This functionality is working as expected. We have recently created a virtual machine which will be used for running load tests. When we open the application from this VM in particular,…
I am unable to delete resources. The bill is showing in Free trial also.
I am unable to delete resources. The bill is showing in the free trial as well. I was unaware that a bill would be generated during a free trial. Please help me to delete the resources and help me to close the bill. I am not sure why the bill is showing.…
Internet Routing via Azure Firewall
Hello All. We have a hub and spoke set up within Azure, within our hub resides our Azure Firewall and an ExpressRoute gateway. The hub has 2 spoke vnets peered, each subnet within the peered vnet has a UDR with an entry 0.0.0.0/0 pointing to the private…
Azure Database Access from A Different Virtual Network
Dear Azure Team, I have an azure managed mysql database in virtual network vnet1 and a virtual machine in vnet2. I am unable to get this VM to access the database. I have a hub-spoke architecture with both vnet1 and vnet2 peered with my hub-vnet with…
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has an S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
Azure load balancer to NVA asymmetric traffic issue
Asymmetric traffic issue on network capture from a VM in another VNet - Here is my design - I have VWAN with Azure Firewall which is yet to be secured with intent as next phase of network migration. Therefore, please ignore vWAN and vHUB when it comes as a…
Sporadic Issues with Azure DevOps Agent Accessing Azure Storage Account Despite IP Whitelisting
I am writing to seek assistance with an issue we have been experiencing with our Azure DevOps agent (Microsoft-hosted) accessing our Azure Storage account. Despite adding the IP address of the Azure DevOps agent to the network rules of the storage…
Azure Firewall and outbound pings lost
Outbound pings are allowed via policy, can see them leaving via the logs, no returned traffic comes back to complete the ICMP and the client behind the Azure Firewall shows timed out. What gives? Do you have to specifically allow ICMP replies?
Azure Firewall Policy - Policy Analytics Stopped Working Suddenly
As title says, Policy Analytics suddenly stopped working/indexing the logs, so it no longer shows traffic, hits etc. Only can see analytics from about 1 week ago and older now. No known changes done in the environment either, I tried to disable the Policy…
Site-2-Site VPN with whitelisted IPs
Dear Azure team, I set up S2S VPN from Azure to an on-prem infrastructure. The status on Azure portal says connected. The tunnels are up on both sides but I am unable to pass traffic through it. Pinging the private IP of the onprem systems is failing.…
Two NVAs (firewalls) inline in Azure
Hi, My client wants to put two firewalls inline as per security policy - Palo Alto and Checkpoint. I want to know: If this is possible in Azure to use two NVAs inline? Although above option is preferred, if we use Azure Firewall + one NVA, is this…
Azure Firewall DNS
Hi, in our existing Azure Firewall configuration, under DNS, we have the DNS servers enabled with the default Azure provided DNS and the DNS proxy disabled. For all our other resources in Azure, we have 2 Azure domain controllers and these are also the…
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic coming Azure private link services. My plan was to set up conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
Express Route and Azure Firewall
We have express route to on-prem and it is working fine. We are in the process of implementing Az Firewall but are having trouble getting the routing right. I know you cannot add routes to the Express Route subnet so how do we force traffic that…
Inbound Service tags in Firewall rules not available in portal
We have a service bus configured in vnet using private endpoint. We are creating D365 plugins which will publish to a topic in the service bus. Since D365 is in MSIT, we require to allow the inbound for that traffic. So, planning to enable…