Backup up network settings of Azure for virtual routers/firewalls

Question

Hi Guys,

I have a few firewalls and routers set up in Azure. The firewalls and routers are locked down to a specific group (Security group) and also their configurations are backup daily. While Azure portal allows system, storage, virtual and security groups that can modify VNET, local network gateway, VNET gateway, subnets...etc which are related to network settings and other settings.

Is there a way to prevent other groups to modify network settings on Azure portal except for the security group?

If one of our guys made a change of network setting on the Azure portal, is there a way to reverse the previous state for the network setting that he changed? Let's say he deleted multiple subnets, can we reverse the change?

Is there a way to back up network settings on Azure? i'm thinking about a worst-case scenario where we need to restore previous working network settings.

Thanks.

Answer 1

Hello Shane DT!

Welcome to Microsoft QnA!

I understand you need to rollover chnages made to VNET Settings on Azure and how to lock down changes

Of course you are aware of Rbac and IAM i assume from the Security Group reference

https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

One way is to apply Resource Write/Delete Locks but for rollover the IaC deployements come into play

Adopt an IaC strategy and you will find out that deloyements are always a click away and major changes are easy to revert in a matter of minutes if not seconds

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

https://thomasthornton.cloud/2021/03/08/why-infrastructure-as-code-iac/

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards