AzureFW Deny rule is not output during connection troubleshooting

Tsukuda Yusaku 0 Reputation points
2024-01-24T01:54:10.4233333+00:00

After verifying the connectivity troubleshooting below, We were able to confirm that no errors were output due to Deny in the AzureFW application rules. Access to https://www.example.com from VM2 is recognized as denied by AzureFW. ・Network Internet | AzureFW | | VM1 VM2 ・Application rules |SourceType|Sorece|Protocol|DestinationType|Target|Action| | -------- | -------- | -------- | -------- | -------- | -------- | |IPAddress|VM1_IPAddress|Http,Https,Mssql|FQDN|www.example.com|Allow| |IPAddress|VM2_IPAddress|Http,Https,Mssql|FQDN|www.example.com|Deny|

・Connection Troubleshooting |SourceType|Source |Destination|Protocol|DestinationPort|Result| | -------- | -------- | -------- | -------- | -------- | -------- | |VM|VM1|https://www.example.com|TCP|443|Allow| |VM|VM2|https://www.example.com|TCP|443|Allow|

I checked if I could access https://www.example.com from the system console. We were able to confirm that the results were as expected. ・Confirmation using the system console |VM|Command |ApplicationRules|Result| | -------- | -------- | -------- | -------- | |VM1|curl https://www.example.com |above rules|Allow| |VM2|curl https://www.example.com|above rules|Deny|

Based on the above results, can't AzureFW Deny be detected by connection troubleshooting?

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
544 questions
Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
152 questions
{count} votes