How can we route all inbound events of EventHub via Azure Firewall?

Tenneti Ajay 20 Reputation points

We have a requirement to route all inbound traffic into our resources in subscription via Azure firewall.

We have set an Azure firewall in a VNet and Eventhub with a private endpoint in the same VNet. We have DNAT rules for 443,5671,5672 on Firewall to the Private Endpoint's IP.

How can we connect to Eventhub with a Public IP on the Firewall (Unique IP for Eventhub)?

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
529 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
495 questions
Azure Event Hubs
Azure Event Hubs
An Azure real-time data ingestion service.
486 questions
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 27,511 Reputation points Microsoft Employee

    @Tenneti Ajay

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    Please note that there is no direct integration between Public IP of the Azure Firewall and an Eventhub.

    As you mentioned, you can use the DNAT Feature of Azure Firewall to redirect incoming traffic to a private resource behind the Azure Firewall.

    The intended purpose of DNAT rules in Azure Firewall is primarily to provide Layer 4 IP/Port translation.

    • For any HTTPS Traffic, customers are recommended to use Azure App gateway or Azure App gateway + Azure Firewall in Parallel.
    • This document, talks about this in detail.
    • User's image
    • Moreover, I noticed there is no inbuilt support for custom domains in Event Hubs.

    Wrt the last point above,

    • You must make sure the requests hitting your PaaS service (EventHub) uses the proper domain name of your service.
    • i.e., << {{ Namespace Name }} >>
    • Please go through this document on why this would cause an issue : Host Name preservation in Azure
    • In your case, it should be instead of
      User's image
    • I would suggest you to leverage Azure App gateway and add the Event Hub Private EndPoint as the backend and see if this works.

    Since there are no documents on this design, you can create a Dev/Test environment as above and let us know if there are any issues.



    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments No comments

0 additional answers

Sort by: Most helpful