Hi all,
Please could I have some support/explanation of the following setup...
I have an Azure Firewall in one VNET and a Windows Web Server running IIS in another VNET. On the Web Server I have set up a test web site, and if from the web server I open a browser and navigate to http://"IP Address" (itself) the test web site loads fine.
On the Azure Firewall I have created a public IP and a DNAT rule that translates the public IP to the private IP of the web server. I have removed all NSGs and the local Windows firewall so that there is nothing additional that would be blocking connections.
My issue is that if I telnet to the public IP from my laptop (external to Azure) on port 80 it connects through fine, and in the Azure Firewall logs I can see that my DNAT rule was used. If I put http://"IP Address" into a web browser on my laptop (external to Azure) it times out and does not connect. What is the browser doing differently from telnet?
If I run wireshark on the web server when I run the browser test I "believe" I can see the connections coming in from the browser test. The DNAT rule is being used again in the Firewall logs and I see http connections at the time I run the test coming from 168.63.129.16 which I assume is source natting from the Azure Firewall. I have read that when DNAT is used the Firewall should source NAT from an address within the Firewall subnet so I am not sure why it is using this address?
Can anyone advise why, with this setup, external telnet connections to the public IP work but browser connections don't? I have removed the browser settings that add www before the IP address.
Your help is very much appreciated.
James
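Added example (not from the original post): a small Python probe that separates the two stages the question compares. Telnet only proves the TCP handshake completes; a browser additionally sends an HTTP request and waits for the response, so a DNAT path can pass the telnet test and still stall at the second stage. The local servers and ports below are constructed stand-ins, not the poster's Azure setup; point probe_http at the real public IP to see which stage that path reaches.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_http(host, port, timeout=3.0):
    """Report how far an HTTP fetch gets: the TCP handshake alone (what telnet
    proves) or the request/response exchange a browser additionally needs."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout"          # no SYN-ACK came back at all
    except OSError:
        return "tcp_refused"          # RST or unreachable
    with sock:                        # handshake done: this is where telnet stops
        request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n"
        sock.sendall(request)
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "http_timeout"     # connected, but no HTTP response ever arrived
    return "http_ok" if data.startswith(b"HTTP/") else "http_garbled"

# ---- constructed local stand-ins so the probe can be exercised offline ----
class _TestSite(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"test web site"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def start_responding_server():
    """A server that answers HTTP normally (like the working local test); returns its port."""
    httpd = HTTPServer(("127.0.0.1", 0), _TestSite)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd.server_address[1]

def start_silent_server():
    """A server that completes the TCP handshake but never replies; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0)); srv.listen(5)
    held = []
    def accept_loop():
        while True:
            held.append(srv.accept()[0])   # keep the socket open, send nothing
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def free_closed_port():   # a port nothing listens on, to show the refused stage
    s = socket.socket(); s.bind(("127.0.0.1", 0)); port = s.getsockname()[1]; s.close()
    return port
```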