Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
601 questions
0 answers
Azure Firewall and outbound pings lost
outbound pings are allowed via policy, can see them leaving via the logs, no returned traffic comes back to complete the ICMP and the client behind the azure firewall shows timed out. what gives? do you have to specifically allow ICMP replies?
asked 2024-07-09T15:56:54.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 60%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
John Wirtz
0
Reputation points
commented 2024-07-10T09:50:38.5133333+00:00
KapilAnanth-MSFT
39,556
Reputation points Microsoft Employee
0 answers
Site-2-Site VPN with whitelisted IPs
Dear azure team, I setup S2S VPN from azure to an on-prem infrastructure. The status on azure portal says connected. The tunnels are up on both sides but I am unable to pass traffic through it. Pinging the private IP of the onprem systems is failing.…
asked 2024-07-02T13:00:08.3533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 21%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESO%3C/text%3E%3C/svg%3E)
Seun Ore
40
Reputation points
commented 2024-07-10T05:48:56.1366667+00:00
KapilAnanth-MSFT
39,556
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Two NVAs (firewalls) inline in Azure
Hi, My client wants to put two firewalls inline as per security policy - Palo Alto and Checkpoint. I want to know: If this is possible in Azure to use two NVAs inline? Although above option is preferred, if we use Azure Firewall + one NVA, is this…
asked 2024-07-05T14:55:21.1733333+00:00
Rajiv Bansal
186
Reputation points
accepted 2024-07-10T04:47:55.98+00:00
Rajiv Bansal
186
Reputation points
0 answers
Azure Database Access from A Different Virtual Network
Dear Azure Team, I have an azure managed mysql database in virtual network vnet1 and a virtual machine in vnet2. I am unable to get this VM to access the database. I have a hub-spoke architecture with both vnet1 and vnet2 peered with my hub-vnet with…
0 answers
Routing Issues with S2S VPN VNET Peered with ExpressRoute VNET
The Context: I have 3 VNETS (VNET1, VNET2, VNET3). VNET1 has a S2S VPN allowing on-prem devices to connect to Azure. VNET2 has an ExpressRoute allowing another subnet of on-prem devices to connect to Azure. VNET3 also has an ExpressRoute allowing another…
asked 2024-07-02T14:29:17.2566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 73%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER1%3C/text%3E%3C/svg%3E)
RahulRana-1085
10
Reputation points
commented 2024-07-09T19:11:58.2233333+00:00
RahulRana-1085
10
Reputation points
3 answers
One of the answers was accepted by the question author.
Azure Firewall DNS
Hi, in our existing Azure Firewall configuration, under DNS, we have the DNS servers enabled with the default Azure provided DNS and the DNS proxy disabled. For all our other resources in Azure, we have 2 Azure domain controllers and these are also the…
asked 2024-07-04T10:32:11.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 21%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Ghulam Abbas
191
Reputation points
answered 2024-07-05T10:44:42.65+00:00
Ghulam Abbas
191
Reputation points
1 answer
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic comping Azure private link services. My plan was to setup conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
asked 2024-07-02T05:59:18.92+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 46%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
prasantc
876
Reputation points
commented 2024-07-04T14:15:04.36+00:00
KapilAnanth-MSFT
39,556
Reputation points Microsoft Employee
2 answers
Express Route and Azure Firewall
We have express route to on-prem and it is working fine. We are in the process of implementing Az Firewall but are having trouble getting the routing right. I know you cannot add routes to the Express Route subnet so how do we force traffic that…
asked 2022-05-23T14:06:36.88+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 35%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MDavis
26
Reputation points
commented 2024-07-03T13:31:02.44+00:00
GitaraniSharma-MSFT
49,346
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Inbound Service tags in Firewall rules not avalable in portal
we have a service bus configured in vnet using private endpoint. We are creating D365 plugins which will publish to a topic in the service bus. Since D365 is in MSIT. We require to allow the inbound for that traffic. So, planning to enable…
asked 2022-07-21T12:48:31.733+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 21%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKT%3C/text%3E%3C/svg%3E)
Kunal Tanti
26
Reputation points Microsoft Employee
commented 2024-07-03T11:36:30.7233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 4%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
NNIT-PHFA
0
Reputation points
0 answers
Express Route Routing Issues (Azure to On-premises route)
Hi @GitaraniSharma-MSFT - We have performed the same setup from this article https://learn.microsoft.com/en-us/answers/questions/860533/express-route-and-azure-firewall) We have 2 express route premium circuits (East US & South-Central US) with 3…
asked 2024-06-30T00:32:00.81+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 67%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Jaykishan Bairagi
0
Reputation points
commented 2024-07-03T06:03:35.1433333+00:00
KapilAnanth-MSFT
39,556
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Firewall
Hello, Currently i have 3 server with Public IP enabled, and each server have specific rule to allow some ports accessing from internet. What i do is block incoming connection on the NSG. If i have azure firewall, can i block incoming connection from the…
asked 2024-06-24T07:34:11.0466667+00:00
Handian Sudianto
4,431
Reputation points
commented 2024-07-03T03:04:27.6+00:00
KapilAnanth-MSFT
39,556
Reputation points Microsoft Employee
1 answer
Network Security Groups attached to a NIC
Hi: We are investigating which are the current Effective Security Rules that are applied to a Network Interface(NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API …
asked 2021-05-27T15:47:32.29+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 37%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Ezequiel De Luca
1
Reputation point
commented 2024-07-02T14:14:35.4666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 82%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZ%3C/text%3E%3C/svg%3E)
ZAN2024
0
Reputation points Microsoft Intern
1 answer
One of the answers was accepted by the question author.
Hub and Spoke architecture traffic flow issue?
We have a hub and spoke architecture environment. We need communication from vm1 from spoke 1 to communicate to vm2 in spoke 2 using hub and azure firewall in hub vnet. We need to establish this connection without using Virtual Network Gateway. We…
asked 2024-06-24T16:08:05.18+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 21%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Sourabh Chhabra
40
Reputation points
commented 2024-06-27T04:36:04.2+00:00
Sourabh Chhabra
40
Reputation points
3 answers
One of the answers was accepted by the question author.
Delay after whitelisting an IP address
Hi, I have a github action that builds and deploys a static website into a Azure Storage account. By default the storage account's firewall rules deny incoming connections so I need to whitelist the github runner's current IP for the duration of the…
asked 2022-03-14T14:12:16.837+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 86%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETK%3C/text%3E%3C/svg%3E)
tamas-kr
56
Reputation points
edited an answer 2024-06-27T03:26:23.1833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 28.000000000000004%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Roopa Jain
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure VM Access to the Internet via Azure Firewall
Dear Azure Team I am very careful to mess around with our firewalls. We have a number of private VMs in a subnet. The subnet is protected by firewall and there is no direct access to the internet. There is one server in this subnet that needs to connect…
0 answers
Azure firewall backup with logic app
The backup works and it generate json files with few lines as backup file https://techcommunity.microsoft.com/t5/azure-network-security-blog/backup-azure-firewall-and-azure-firewall-policy-with-logic-apps/bc-p/4165254#M383 I see the restore process with…
asked 2024-06-18T06:18:02.09+00:00
prasantc
876
Reputation points
edited the question 2024-06-21T04:07:49.29+00:00
SadiqhAhmed-MSFT
40,831
Reputation points Microsoft Employee
2 answers
Azure Firewall Session table
Hi Team, If we manage azure firewall policies through azure firewall manager then Is it possible to see traffic/connections/ session table of Azure firewall from firewall manager or from firewall itself ( Like how we can see traffic in Palo Alto or…
asked 2024-06-13T12:28:20.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 67%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Siddhesh Rane
1
Reputation point
commented 2024-06-18T08:59:56.0066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 13%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)
Gowtham CP
3,730
Reputation points
0 answers
Azure Firewall Policy - Policy Analytics Stopped Working Suddenly
As title says, Policy Analytics suddenly stopped working/indexing the logs, so it no longer show traffic, hits etc. Only can see analytics from about 1 week ago and older now. No known changes done in the environment either, I tried to disable the Policy…
asked 2024-06-12T08:51:29.74+00:00
Martin Cato Dahl
0
Reputation points
commented 2024-06-18T01:59:12.41+00:00
GitaraniSharma-MSFT
49,346
Reputation points Microsoft Employee
0 answers
Internet intent on Azure firewall
Enabling Internet intent on the security configuration of the vhub immediately blocked RDP access to the on premise resources using public IP address. It will probably block web using natted public IP on prem too. Is there any remediation to it?
asked 2024-06-06T16:36:08.5866667+00:00
prasantc
876
Reputation points
commented 2024-06-13T15:14:05.13+00:00
GitaraniSharma-MSFT
49,346
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure Firewall Outbound DNAT rules
Hi, We are migrating DMZ services to our Azure environment with our Azure premium firewall. I have tested inbound DNAT from an external source without issue. Where we NAT one of the public IP addresses on the Azure firewall to an internal…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)