Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
469 questions
azure firewall idps protocol and encryption
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 55.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Yang, Steven
86
Reputation points
Hello,
out of all the idps signatures, is there a way for us to tell which one requires ssl decryption to be enabled? meaning the signature won't be able to properly inspect the traffic if it is encrypted.
Best,
Steven
{count} votes
-
Yang, Steven 86 Reputation points
2023-09-19T14:40:07.4866667+00:00 also - i noticed that some signature rules would get deleted. how does that work and how can I get notify about it?
-
GitaraniSharma-MSFT 38,521 Reputation points Microsoft Employee2023-09-20T08:48:19.6+00:00 Hello @Yang, Steven ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I'll discuss your query with the Azure Firewall Product Group team and keep you posted on the updates.
Regards,
Gita
-
GitaraniSharma-MSFT 38,521 Reputation points Microsoft Employee
2023-09-20T15:55:15.8533333+00:00 @Yang, Steven , could you please elaborate on this statement "I noticed that some signature rules would get deleted"? Are the rules auto deleted?
-
Yang, Steven 86 Reputation points
2023-09-20T15:58:13.39+00:00 last week the signature rule count was 62K something, this week the count dropped to 61K something.
-
GitaraniSharma-MSFT 38,521 Reputation points Microsoft Employee
2023-09-20T17:13:02.4533333+00:00 @Yang, Steven , thank you for the quick update. I'll check on this and get back to you soon.
-
GitaraniSharma-MSFT 38,521 Reputation points Microsoft Employee
2023-09-20T19:51:08.9866667+00:00 Hello @Yang, Steven ,
I discussed the above queries with the Azure Firewall Product Group team, and below are the responses:
Out of all the IDPS signatures, is there a way for us to tell which one requires SSL decryption to be enabled? Meaning the signature won't be able to properly inspect the traffic if it is encrypted.
Majority of the signatures requires TLSi to take effect, the signatures that are applicable for encrypted traffic relate to L3 and L4 protocols, they are basically related to the connection establishment part until the encrypted tunnel is constructed.
I noticed that some signature rules would get deleted. Last week the signature rule count was 62K something, this week the count dropped to 61K something. How does that work and how can I get notified about it?
Signatures rules that are not seen in use for long period (years) are being cleaned out.
Kindly let me know if you've any follow-up questions.
Regards,
Gita
-
Yang, Steven 86 Reputation points
2023-09-20T20:15:49.47+00:00 can you provide a bit more descriptive insight on the TLSi? i need some sort of report that goes up to my leadership to explain what we might missed because we don't have ssl inspection enabled.
for example, can you point out which one of these protocol signatures would most likely required TLSi to be effective?
Sign in to comment