To use Private IPs for our VMs for public Access
We have Palo Alto Firewall configured in our Azure environment with the Public IPs enabled for our VMs. However, we cannot expose our Network/IP to public access. How can we use private IP for this scenario?
Azure Virtual Network
-
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-10-20T13:15:57.34+00:00 Hello @Girish Prajwal ,
May I know from where would you like to access the VMs privately? Is it from your on-premises or from normal Internet? Also, could you please explain your current setup and requirement in more detail?
Thanks,
Gita -
Girish Prajwal 706 Reputation points
2020-10-21T13:05:06.39+00:00 Hi Gitarani,
We have Palo Alto Firewall configured in one of our VNETs within the HUB, where 2 of the Linux VMs are configured with the Public IP. The 2 are in the same availability set.
- We have our DNS created in different VNET which is part of the HUB
- However, we would want to use the above DNS servers(VM) for accessing the VNET
- We have not peered these 2 VNets due to security reasons
- We want to use our DNS(Azure VM's created for this purpose) to be utilized for accessing the Internet
- Or We would like to know the other best practices where we could configure the requirement in a secured manner.
- We don't want to point any of the DNS servers pointing back to our on-premises servers for any outgoing traffic.
-
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-10-22T13:53:38.037+00:00 Hello @Girish Prajwal ,
I am still a bit confused with your setup.
When you say HUB, are you using Virtual WAN?
And when you say "we would want to use the above DNS servers(VM) for accessing the VNET", do you mean the Vnet where Palo Alto & Linux VMs are deployed?
Also, you mentioned that "we have not peered these 2 VNets due to security reasons", in that case what type of connectivity is present between the 2 Vnets? Could you share a network architecture diagram of your setup, if available?
Thanks,
Gita -
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-10-27T05:05:54.517+00:00 Hello @Girish Prajwal ,
Could you please provide an update on this post and respond to the above queries for further investigation?
Thanks,
Gita -
Girish Prajwal 706 Reputation points
2020-10-27T08:24:33.437+00:00 We have Palo Alto Firewall configured in one of our VNET and it is in the HUB. Palo Alto is configured on the Linux VM.
• We have our DNS VM’s created in different VNET which is part of the HUB
• We would want to use the above DNS servers (VM) for accessing the Internet
• We have not peered these 2 VNets due to security reasons
• Or We would like to know the other best practices where we could configure the requirement in a secured manner.
• We don't want to point any of the DNS servers pointing back to our on-premises servers for any outgoing traffic.
I have attached the file for your reference. If you need the actual diagram, can I have a private channel to share it, like we share it on the MS case? That would be much better.
-
Girish Prajwal 706 Reputation points
2020-10-28T10:27:14.29+00:00 Hi Gitarani,
Are you on vacation? Could someone else take over this thread on her behalf?
-
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-10-28T11:10:07.997+00:00 Hello @Girish Prajwal ,
Sorry for the delay in my response. From what I understood, you have 4 Vnets in one subscription and would like to use the DNS servers (VMs) in the same subscription to access Internet.
In order to do that, first the Vnets need to be connected to each other either by Vnet Peering or Vnet to Vnet connection and then you can use UDR on all other subnets to route all traffic to the DNS servers and the DNS server should be able to forward the traffic to the correct destination by using IP Forwarding.
We can discuss more in detail, if you can send me all the information via email. Could you send an email to azcommunity@microsoft.com referencing this thread as well as your subscription ID. Please mention "ATTN gishar" in the subject field.
Thanks,
Gita -
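The three steps in the reply above (connect the VNets, attach a UDR to the other subnets, enable IP forwarding on the forwarding VM), sketched with Azure CLI as an added example that is not part of the original thread. Every resource name and the 10.1.0.4 address are placeholders, and the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: all names below are placeholders, not values from the thread.
RG="rg-network"             # resource group holding both VNets (placeholder)
SPOKE_VNET="vnet-workload"  # VNet whose subnets get the UDR (placeholder)
SPOKE_SUBNET="snet-app"     # subnet to re-route (placeholder)
FWD_VNET="vnet-dns"         # VNet holding the forwarding VM (placeholder)
FWD_NIC="nic-dns-01"        # NIC of the forwarding VM (placeholder)
FWD_IP="10.1.0.4"           # its private IP (constructed value)
RT="rt-via-forwarder"       # route table name (placeholder)

# Print each command by default; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

plan() {
  # 1. A peering is one-directional, so create it from both sides.
  #    Forwarded traffic must be allowed, or packets relayed by the
  #    forwarding VM are dropped at the peering.
  run az network vnet peering create --resource-group "$RG" \
    --name "${SPOKE_VNET}-to-${FWD_VNET}" --vnet-name "$SPOKE_VNET" \
    --remote-vnet "$FWD_VNET" --allow-vnet-access --allow-forwarded-traffic
  run az network vnet peering create --resource-group "$RG" \
    --name "${FWD_VNET}-to-${SPOKE_VNET}" --vnet-name "$FWD_VNET" \
    --remote-vnet "$SPOKE_VNET" --allow-vnet-access --allow-forwarded-traffic

  # 2. UDR: default route pointing at the forwarding VM's private IP,
  #    then bind the route table to the subnet.
  run az network route-table create --resource-group "$RG" --name "$RT"
  run az network route-table route create --resource-group "$RG" \
    --route-table-name "$RT" --name default-via-forwarder \
    --address-prefix 0.0.0.0/0 \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$FWD_IP"
  run az network vnet subnet update --resource-group "$RG" \
    --vnet-name "$SPOKE_VNET" --name "$SPOKE_SUBNET" --route-table "$RT"

  # 3. IP forwarding on the Azure NIC. The guest OS must forward too
  #    (on Linux: sysctl net.ipv4.ip_forward=1).
  run az network nic update --resource-group "$RG" --name "$FWD_NIC" \
    --ip-forwarding true
}

plan
```
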
Girish Prajwal 706 Reputation points
2020-10-30T14:41:00.16+00:00 Thank you Gita.. I will check and let you know if I can share the original architect diagram and the subscription details.
-
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-11-09T03:06:36.727+00:00 Hello @Girish Prajwal ,
Could you please provide an update on this post?
Kindly let us know if the issue is resolved or you need further assistance on this issue.
Thanks,
Gita -
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-11-12T10:02:59.013+00:00 Hello @Girish Prajwal ,
Following up again on this post to check for an update, as we've not heard from you in some time. Please let us know if you need further assistance on this issue or we can close it.
Thanks,
Gita -
GitaraniSharma-MSFT 49,461 Reputation points • Microsoft Employee
2020-11-18T14:21:57.553+00:00 Hello @Girish Prajwal ,
Since we've not heard from you in a long time, we are closing this issue. Feel free to drop an email as requested, if you need further assistance.
Thanks,
Gita