Virtual network encryption

Loda Anjaneyulu (MINDTREE LIMITED) 20 Reputation points Microsoft External Staff
2025-05-31T13:00:08.4566667+00:00

Virtual network encryption supported via Azure Firewall

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.

2 answers

  1. Marcin Policht 49,715 Reputation points MVP Volunteer Moderator
    2025-05-31T13:26:37.25+00:00

    In short, no, Azure Firewall does not support Virtual Network (VNet) encryption.

    Azure Firewall is a stateful network security service that provides traffic filtering and threat protection for your Azure Virtual Network resources. However, it does not provide encryption of traffic between virtual machines (VMs) in a virtual network or between peered virtual networks.

    VNet encryption refers to the encryption of data in transit within the same virtual network or across peered VNets. Microsoft offers VNet encryption using Virtual Network encryption for intra-VNet traffic, which relies on MACsec (IEEE 802.1AE)—but only on specific Azure virtual machine sizes and with supported network interface cards (NICs).

    • VNet Encryption (MACsec):
      • Supported for specific Azure VM SKUs (e.g., D, E, and F-series).
      • Requires configuration of encryption at the VM level, not through the Azure Firewall.
    • IPsec Encryption:
      • For encryption across VPN gateways or Azure Virtual WAN.
      • Suitable for cross-premises or VNet-to-VNet secure communication.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. VIVEK DWIVEDI 185 Reputation points Microsoft Employee
    2025-06-01T17:49:27.1733333+00:00

    Hi @Loda Anjaneyulu (MINDTREE LIMITED) ,

    Greetings and thank you for reaching out to Microsoft Q&A Forum.

    Azure supports Virtual Network (VNet) encryption, but:

    1. Azure Firewall is not supported in encrypted virtual networks.
    2. VNet encryption is not supported via Azure Firewall; instead, it is a feature for supported virtual machines.

    According to Microsoft’s official documentation, VNet encryption uses Datagram Transport Layer Security (DTLS) to encrypt traffic between virtual machines within the same virtual network and peered virtual networks (for supported virtual machine types). However, Azure Firewall is explicitly listed as a service that is not compatible with VNet encryption. This means if your network relies on Azure Firewall for traffic inspection or routing, you won’t be able to enable VNet encryption in that setup.

    So, if your architecture requires both encryption and inspection, you may need to explore alternative solutions.

    Please look at the following articles:
    Supported VM Types and Prerequisites
    Vnet Encryption Limitations

    Please mark the answer as yes if this answers your question, or let me know if you have further queries.

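
A pre-flight check for the incompatibility both answers describe, as an added example that is not from either answer or from Microsoft: it flags VNets that have encryption enabled and also contain an `AzureFirewallSubnet`, and marks encrypted VNets peered with a firewall VNet for review. The field names are assumed to match `az network vnet list -o json` output, the inventory is constructed sample data, and the peering "review" rule is a heuristic of this example.

```python
FIREWALL_SUBNET = "azurefirewallsubnet"  # the subnet name Azure Firewall is deployed into

def _vnet_id(name):
    # Constructed resource ID with a placeholder subscription and resource group.
    return ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
            f"/providers/Microsoft.Network/virtualNetworks/{name}")

def _vnet(name, subnets, encryption=None, peers=()):
    # Builds one inventory record; key names are assumed from the az CLI JSON output.
    return {"id": _vnet_id(name), "name": name, "encryption": encryption,
            "subnets": [{"name": s} for s in subnets],
            "virtualNetworkPeerings": [{"remoteVirtualNetwork": {"id": _vnet_id(p)}} for p in peers]}

# Constructed sample inventory (not real resources).
SAMPLE = [
    _vnet("hub-a", ["AzureFirewallSubnet", "mgmt"], {"enabled": True, "enforcement": "AllowUnencrypted"}),
    _vnet("hub-b", ["AzureFirewallSubnet"], None, peers=["spoke-1"]),
    _vnet("spoke-1", ["workload"], {"enabled": True, "enforcement": "AllowUnencrypted"}, peers=["hub-b"]),
    _vnet("spoke-2", ["workload"], {"enabled": False}),
]

def has_firewall_subnet(vnet):
    # Subnet names are compared case-insensitively; a missing or null list counts as empty.
    return any((s.get("name") or "").lower() == FIREWALL_SUBNET for s in vnet.get("subnets") or [])

def is_encrypted(vnet):
    # The encryption block can be absent or null on VNets that never enabled the feature.
    return bool((vnet.get("encryption") or {}).get("enabled"))

def audit(vnets):
    """Return (vnet, severity, reason) tuples for encrypted VNets that involve Azure Firewall."""
    by_id = {v["id"].lower(): v for v in vnets}
    findings = []
    for v in vnets:
        if not is_encrypted(v):
            continue
        if has_firewall_subnet(v):
            findings.append((v["name"], "conflict", "encryption enabled on a VNet containing AzureFirewallSubnet"))
        for p in v.get("virtualNetworkPeerings") or []:
            peer = by_id.get(((p.get("remoteVirtualNetwork") or {}).get("id") or "").lower())
            if peer is not None and has_firewall_subnet(peer):
                findings.append((v["name"], "review", f"peered with firewall VNet {peer['name']}"))
    return findings

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE):
        print(f"{severity:8} {name}: {reason}")
```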
