Unable to ping VM to VM with traffic routed through the Firewall.
I have 2 spokes and a hub. The route tables in the spokes are configured to route the traffic through the firewall (0.0.0.0/0). I have VMs in both spokes and I want to ping one from the other. This is not successful. I have allowed all protocol…
Azure Firewall
Azure Firewall - URL matching
Does www.contoso.com in targetUrl match www.contoso.com/?siteId=asd343s32kj343dce? The documentation mentions that it should match the examples below: www.contoso.com, www.contoso.com/. The doc also mentions that www.contoso.com/test should match…
Azure Firewall
Azure Firewall Outbound
Documentation keeps mentioning that app rules are applied only to outbound traffic. The same applies to network rules where the destination is an FQDN. They are only applied to outbound traffic, i.e. traffic leaving the VNet. Can someone please explain that a little more? What…
Azure Firewall
Azure Firewall - public IP as nexthop
Documentation says that application rules aren't applied for inbound connections. So, if you want to filter inbound HTTP/S traffic, you should use Web Application Firewall (WAF). So my understanding is that when the FW receives something on the public IP,…
Azure Firewall
Clarification on Public IP Addresses and DNAT Rules in Azure Firewall
Documentation mentions that the number of public IP addresses attached to a Firewall and the unique destinations in DNAT rules both contribute to the total limit of 250 public IP addresses. I have confusion regarding how DNAT rules operate. Does the…
Azure Firewall
Not able to ping vm to vm in hub spoke with azure firewall
I have set up a hub and 2 spokes using Azure Firewall to route traffic from spoke to spoke. I have set the correct route to allow all to all; this is the only firewall rule I have. In both subnets I have set the default route to the Azure Firewall IP. There are no…
Azure Firewall
Azure
Azure Firewall - force tunneling
Why does the documentation say that in order to enable forced tunneling I must create an Azure Firewall with the Firewall Management NIC enabled? Can I not do that without a management subnet/NIC? What happens if I create a UDR for the FW subnet to forward some…
Azure Firewall
Azure Firewall - Network rule with FQDN
I want to use Azure Firewall to filter inbound traffic based on FQDN, for example to allow just traffic from the domain out.example.com to reach our virtual network resources. Is this supported? The doc mentions just outbound traffic. I can't filter by IP…
Azure Firewall
Enforcing All Traffic Through Azure Firewall with Site-to-Site VPN Between Azure Tenants – Asymmetric Routing and RDP Failure
Problem Statement Scenario: We have two Azure tenants (Tenant1 and Tenant2) connected via Site-to-Site VPN. In Tenant1, we have deployed Azure Firewall in a hub virtual network. All traffic must be forced through Azure Firewall for inspection, including…
Azure Firewall
Azure Firewall with NAT Gateway
I am looking at this example - Azure Firewall with NAT Gateway and I am trying to understand this - Route table example with NAT Gateway. "You must add a route for the return path to use the NAT Gateway public IP address instead of the Azure…
Azure Firewall
Azure firewall proxy
Hello. If you have set up several DNS servers behind an Azure Firewall DNS Proxy, for example your own DNS server and Azure DNS, how does the DNS request that goes through the DNS Proxy know where to go? Does the request choose a random DNS server…
Azure DNS
Azure Firewall
Azure Firewall I see the
Azure Firewall reports the following problems: Failed to resolve FQDN microsoftmetrics.com. Error lookup microsoftmetrics.com on 127.0.0.53:53: no such host; DNS resolution returned no IPs. It comes from the AzureFirewallSubnet subnet. So it seems that Azure…
Azure Firewall
"Retirement: Default outbound access for VMs in Azure will be retired" - applies to managed vms?
It's not clear to me from the announcement and docs whether this will apply to managed VMs, such as those underlying resources like Azure Firewall, Azure Database for Postgres, CosmosDB and VNet Gateways. Our "Virtual Machine" and VMSS resources…
Azure Firewall
Deleted Azure Cloud PA are still showing in Palo Alto portal
I removed 3x Cloud PA from Azure; however, they are still showing in the PA support portal. I contacted PA support and they stated that because they were created with the Pay-as-you-go Azure method, they must be removed from the Azure side. I do not see…
Azure Firewall
Intermittent Passive FTP connection via Azure Firewall
Hi, I've set up an FTP server on a Windows 2022 VM on vnet4. The VM has a number of private addresses as it's used for HTTPS and FTP. It also currently has an unused public IP. I have an Azure Firewall on vnet3. The firewall policy has DNAT rules…
Azure Firewall
Azure Firewall Classic Rules - rule processing order
What is the rule processing logic for Azure Firewall when using classic rules (i.e., without a policy)? I have three rule collections configured, and I assume the processing logic follows the same order as with the policy-based approach—where…
Azure Firewall
Azure Firewall - application rules
Documentation says that application rules aren't applied for inbound connections. So, if you want to filter inbound HTTP/S traffic, you should use Web Application Firewall (WAF). For more information, see What is Azure Web Application Firewall? So…
Azure Firewall
Azure Firewall DNAT
Is it possible to create a DNAT rule on Azure Firewall to translate traffic from the firewall's private IP address to another destination, such as a VM in a different VNet? Or are DNAT rules only applicable when using the firewall's public IP address?
Azure Firewall
Azure Firewall - NAT inherited policy
Here the documentation says that NAT rules are not inherited from the parent policy (link: https://learn.microsoft.com/en-us/azure/firewall-manager/policy-overview#hierarchical-policies); however, this example says NAT rules are applied from the parent…
Azure Firewall
Firewall and Workload Subnet NSG
Issue: Unable to reach the internet when using specific NSG destination rules, despite routing through Azure Firewall. Setup Overview: Azure Firewall is deployed in a dedicated AzureFirewallSubnet within a VNet. The workload subnet has a User Defined…