Azure + Meraki vMX + Azure Firewall

Timothy Kate Amores 0 Reputation points
2023-09-26T00:56:44.4866667+00:00

Hello,

Do we have any approved pattern for Meraki vMX & Azure Firewall on Azure?

We want to integrate the vMX and Azure Firewall into our Azure environment, and we want to know if there are any implications of doing this setup.

Any recommendations will be appreciated.

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

1 answer

  1. KapilAnanth-MSFT 45,451 Reputation points Microsoft Employee
    2023-09-26T04:36:18.8133333+00:00

    @Timothy Kate Amores

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to deploy Meraki vMX & Azure firewall on Azure.

    Please note that the community members in Microsoft Q&A are well versed with Azure products but the same may not be the case for 3rd party NVAs.

    I would suggest that you leverage the 3rd party's forums or reach out to their support for any architectural assistance.

    With that said,

    • The architecture/design would totally depend on your requirement.
    • From the Azure end, you can use the Azure Firewall as an NVA and to filter the traffic to/from on-premises as well as Internet-bound traffic.
    • Here's a list of all supported features with various SKUs:
    • May I ask why you would want to use two NVAs here?
      • Also, are you planning to use the NVA first, and AzFW next to inspect traffic?
        • Or AzFW first and the NVA second?
    • In either case, you just have to use Route Tables with UDRs to forward traffic to the NVA/AzFW.
      • If you are going to use AzFW first and your NVA second, make sure you consider forced tunneling to route all (0.0.0.0/0) traffic using the UDR.

    "You may have a default route advertised via BGP or using User Defined Route (UDR) to force traffic to an on-premises edge firewall or other network virtual appliance (NVA) to process network traffic before it's passed to the Internet. To support this configuration, you must create Azure Firewall with Forced Tunnel configuration enabled."

    Also refer: Azure Firewall and network virtual appliances

    Cheers,

    Kapil
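
An added example (not part of the answer above, nor Microsoft's or Cisco's code): a Python check that traces UDR next hops subnet by subnet, to confirm the workload → Azure Firewall → NVA → Internet chain the answer describes and to catch a route loop between the two appliances. Subnet names, IP addresses and route tables are constructed; the sketch models only UDRs with longest-prefix match, not system or BGP routes.

```python
import ipaddress

# Constructed sample: one route table per subnet, as (prefix, next_hop_type, next_hop_ip).
# All subnet names and addresses are hypothetical.
ROUTE_TABLES = {
    "workload": [("0.0.0.0/0", "VirtualAppliance", "10.0.1.4")],  # -> Azure Firewall
    "azfw":     [("0.0.0.0/0", "VirtualAppliance", "10.0.2.4")],  # forced tunnel -> NVA
    "nva":      [("0.0.0.0/0", "Internet", None)],
}
# Which subnet each appliance IP lives in (constructed).
APPLIANCE_SUBNET = {"10.0.1.4": "azfw", "10.0.2.4": "nva"}


def next_hop(routes, dest):
    """Pick the route with the longest matching prefix, as Azure does."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def trace(tables, start, dest, appliance_subnet=APPLIANCE_SUBNET):
    """Follow UDRs hop by hop and return (path, verdict)."""
    path, subnet = [start], start
    while True:
        route = next_hop(tables.get(subnet, []), dest)
        if route is None:
            # No UDR matches: real traffic would fall back to system routes.
            return path, "no-udr"
        _, hop_type, hop_ip = route
        if hop_type != "VirtualAppliance":
            return path + [hop_type], "ok"
        subnet = appliance_subnet.get(hop_ip)
        if subnet is None:
            return path + [hop_ip], "unknown-appliance"
        if subnet in path:
            # Traffic is sent back to an appliance it already traversed.
            return path + [subnet], "loop"
        path.append(subnet)


if __name__ == "__main__":
    print(trace(ROUTE_TABLES, "workload", "203.0.113.10"))
```
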
