Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to allow requests only to certain FQDNs using Azure Firewall.
Please note that FQDNs are not supported in NSG.
Only Azure Firewall can support FQDNs.
Also, I am not sure what you mean by "cashless VMs". Would appreciate it if you could elaborate on this.
You can follow the steps mentioned here to achieve your requirement.
Deploy and configure Azure Firewall using the Azure portal
- Create an Azure Firewall and a Firewall Policy (depending upon your SKU)
- Make sure the VNet in which you are deploying the firewall and the VNet where the VMs are deployed are peered to each other and can communicate with each other
- On the subnet of the VM, attach a route table
- In the route table, make sure you have a path so all traffic goes to the Azure Firewall as Next Hop
- For blocking FQDNs, you must use an Application rule with Allow action to the desired FQDNs
- Please note that Az FW is Deny by default and you will be required to add the FQDNs for which you would like to provide access.
I hope this helps. Please let me know if you require further information.
Thanks,
Kapil
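The route-table and application-rule steps from the answer above, written out with the Azure CLI as an added example; it is not part of the original answer. It uses classic firewall rules through the `azure-firewall` CLI extension (with a Firewall Policy the rule would live in the policy instead), and every resource name, address range and FQDN in it is an assumed placeholder.

```shell
#!/usr/bin/env bash
# Added example. Every name, address and FQDN below is an assumed placeholder.
# Needs the Azure CLI plus its azure-firewall extension; the firewall and the
# VNet peering from the earlier steps are assumed to exist already.
set -eu

RG="${RG:-rg-example}"              # resource group (assumed)
VNET="${VNET:-vnet-workload}"       # VNet holding the VMs (assumed)
SUBNET="${SUBNET:-snet-vms}"        # VM subnet (assumed)
SRC="${SRC:-10.0.2.0/24}"           # VM subnet address range (assumed)
FW="${FW:-fw-example}"              # Azure Firewall name (assumed)
FW_IP="${FW_IP:-10.0.1.4}"          # firewall private IP (assumed)
RT="${RT:-rt-vms-via-fw}"           # route table name (assumed)

# Send all traffic leaving the VM subnet to the firewall as next hop.
route_subnet_via_firewall() {
  az network route-table create -g "$RG" -n "$RT"
  az network route-table route create -g "$RG" --route-table-name "$RT" \
    -n default-via-fw --address-prefix 0.0.0.0/0 \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$FW_IP"
  az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --route-table "$RT"
}

# Allow HTTP/HTTPS only to the FQDNs given as arguments; everything else
# stays blocked because the firewall denies by default.
allow_fqdns() {
  if [ "$#" -eq 0 ]; then
    echo "allow_fqdns: give at least one FQDN" >&2
    return 1
  fi
  az network firewall application-rule create -g "$RG" --firewall-name "$FW" \
    --collection-name allow-web --name allow-listed-fqdns \
    --priority 200 --action Allow --source-addresses "$SRC" \
    --protocols Http=80 Https=443 --target-fqdns "$@"
}

# Run as: ./script.sh www.example.com '*.example.org'
if [ "$#" -gt 0 ]; then
  route_subnet_via_firewall
  allow_fqdns "$@"
fi
```

Keeping `--source-addresses` scoped to the VM subnet means the allow rule applies only to those VMs rather than to every network routed through the firewall.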