Azure Firewall and outbound pings lost
Outbound pings are allowed via policy, can see them leaving via the logs, no returned traffic comes back to complete the ICMP and the client behind the Azure Firewall shows timed out. What gives? Do you have to specifically allow ICMP replies?
Site-2-Site VPN with whitelisted IPs
Dear Azure team, I set up an S2S VPN from Azure to an on-prem infrastructure. The status on the Azure portal says connected. The tunnels are up on both sides but I am unable to pass traffic through it. Pinging the private IP of the on-prem systems is failing.…
Two NVAs (firewalls) inline in Azure
Hi, My client wants to put two firewalls inline as per security policy - Palo Alto and Checkpoint. I want to know: Is it possible in Azure to use two NVAs inline? Although the above option is preferred, if we use Azure Firewall + one NVA, is this…
Azure Database Access from A Different Virtual Network
Dear Azure Team, I have an Azure managed MySQL database in virtual network vnet1 and a virtual machine in vnet2. I am unable to get this VM to access the database. I have a hub-spoke architecture with both vnet1 and vnet2 peered with my hub-vnet with…
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has a S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
Azure Firewall DNS
Hi, in our existing Azure Firewall configuration, under DNS, we have the DNS servers enabled with the default Azure provided DNS and the DNS proxy disabled. For all our other resources in Azure, we have 2 Azure domain controllers and these are also the…
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic coming Azure private link services. My plan was to set up a conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
Express Route and Azure Firewall
We have express route to on-prem and it is working fine. We are in the process of implementing Az Firewall but are having trouble getting the routing right. I know you cannot add routes to the Express Route subnet so how do we force traffic that…
Inbound Service tags in Firewall rules not available in portal
We have a service bus configured in a vnet using a private endpoint. We are creating D365 plugins which will publish to a topic in the service bus. Since D365 is in MSIT, we need to allow the inbound for that traffic. So, planning to enable…
Express Route Routing Issues (Azure to On-premises route)
Hi @GitaraniSharma-MSFT - We have performed the same setup from this article (https://learn.microsoft.com/en-us/answers/questions/860533/express-route-and-azure-firewall). We have 2 express route premium circuits (East US & South-Central US) with 3…
Azure Firewall
Hello, Currently I have 3 servers with Public IP enabled, and each server has a specific rule to allow some ports accessing from internet. What I do is block incoming connections on the NSG. If I have Azure Firewall, can I block incoming connection from the…
Network Security Groups attached to a NIC
Hi: We are investigating which are the current Effective Security Rules that are applied to a Network Interface (NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API …
Hub and Spoke architecture traffic flow issue?
We have a hub and spoke architecture environment. We need communication from vm1 from spoke 1 to communicate to vm2 in spoke 2 using hub and azure firewall in hub vnet. We need to establish this connection without using Virtual Network Gateway. We…
Delay after whitelisting an IP address
Hi, I have a GitHub action that builds and deploys a static website into an Azure Storage account. By default the storage account's firewall rules deny incoming connections so I need to whitelist the GitHub runner's current IP for the duration of the…
Azure VM Access to the Internet via Azure Firewall
Dear Azure Team I am very careful to mess around with our firewalls. We have a number of private VMs in a subnet. The subnet is protected by firewall and there is no direct access to the internet. There is one server in this subnet that needs to connect…
Azure firewall backup with logic app
The backup works and it generates JSON files with a few lines as the backup file: https://techcommunity.microsoft.com/t5/azure-network-security-blog/backup-azure-firewall-and-azure-firewall-policy-with-logic-apps/bc-p/4165254#M383 I see the restore process with…
Azure Firewall Session table
Hi Team, If we manage Azure Firewall policies through Azure Firewall Manager, then is it possible to see the traffic/connections/session table of Azure Firewall from Firewall Manager or from the firewall itself (like how we can see traffic in Palo Alto or…
Azure Firewall Policy - Policy Analytics Stopped Working Suddenly
As title says, Policy Analytics suddenly stopped working/indexing the logs, so it no longer shows traffic, hits etc. Only can see analytics from about 1 week ago and older now. No known changes done in the environment either, I tried to disable the Policy…
Internet intent on Azure firewall
Enabling Internet intent on the security configuration of the vhub immediately blocked RDP access to the on premise resources using public IP address. It will probably block web using natted public IP on prem too. Is there any remediation to it?
Azure Firewall Outbound DNAT rules
Hi, We are migrating DMZ services to our Azure environment with our Azure premium firewall. I have tested inbound DNAT from an external source without issue. Where we NAT one of the public IP addresses on the Azure firewall to an internal…