Our Azure Firewall is NATting incoming traffic to its own inside

Buyani Ngwenya 21 Reputation points
2021-07-27T21:08:27.363+00:00

Our Azure Firewall is NATting incoming traffic to its own inside IP; however, we need to know/see the client source IP in order for them to authenticate on our application and also for troubleshooting reasons. Is it possible to run a query on the firewall to get the client source IP and send it to an API dashboard or another server which the application team can use when they want to troubleshoot issues using the client source IP?

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.

Accepted answer
  1. GitaraniSharma-MSFT 49,606 Reputation points Microsoft Employee
    2021-07-28T06:31:38.937+00:00

    Hello @Buyani Ngwenya ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    You can use Azure Firewall Workbook. Using Azure Firewall Workbook, you can gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses.

    Azure Firewall Workbook provides:

    • Application rule log statistics which shows unique sources of IP address over time, application rule count usage, denied/allowed FQDN over time, and filtered data. You can filter data based on IP address.
    • Network rule log statistics which provides a view by rule action – allow/deny, target port by IP and DNAT over time. You can also filter by action, port, destination type and logs based on time window.

    Before deploying Azure Firewall Workbook, you should enable diagnostic logging through the Azure portal.
    Reference: https://learn.microsoft.com/en-us/azure/firewall/firewall-diagnostics#enable-diagnostic-logging-through-the-azure-portal

    Then deploy Azure Firewall workbook following the below article:
    https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook

    And monitor logs using Azure Firewall workbook:
    https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook

    You can use Azure Firewall Workbook to create rich visual reports within the Azure portal. You can also connect to your storage account and retrieve the JSON log entries for access and performance logs. After you download the JSON files, you can convert them to CSV and view them in Excel, Power BI, or any other data-visualization tool.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
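
The JSON-to-CSV step mentioned in the answer, as an added example that is not part of the original answer or Microsoft's tooling: it pulls the pre-NAT client IP out of DNAT entries in downloaded network rule logs. It assumes one JSON object per line and the legacy `properties.msg` text format (IPv4 only); the CSV column names and sample entries are constructed for illustration.

```python
import csv
import io
import json
import re

# Assumed legacy message shape of AzureFirewallNetworkRule entries:
#   "<PROTO> request from <src>:<port> to <dst>:<port> was DNAT'ed to <ip>:<port>"
MSG_RE = re.compile(
    r"^(?P<protocol>\S+) request from (?P<client_ip>[^:\s]+):(?P<client_port>\d+)"
    r" to (?P<public_ip>[^:\s]+):(?P<public_port>\d+)"
    r"(?: was DNAT'ed to (?P<backend_ip>[^:\s]+):(?P<backend_port>\d+))?"
)
# Hypothetical CSV column names chosen for this example.
FIELDS = ["time", "protocol", "client_ip", "client_port",
          "public_ip", "public_port", "backend_ip", "backend_port"]

def dnat_records(lines):
    """Yield one dict per DNAT'ed connection found in JSON-lines log text."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("category") != "AzureFirewallNetworkRule":
            continue  # application rule logs and metrics carry no DNAT data
        props = entry.get("properties")
        msg = props.get("msg", "") if isinstance(props, dict) else ""
        m = MSG_RE.match(str(msg))
        if m and m.group("backend_ip"):  # keep only entries that were DNAT'ed
            yield {"time": entry.get("time"), **m.groupdict()}

def to_csv(records):
    """Render the records as CSV text for the application team's tooling."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return out.getvalue()

# Constructed sample entries (documentation-range addresses, not real traffic).
SAMPLE = """\
{"category": "AzureFirewallNetworkRule", "time": "2021-07-27T20:55:01Z", "properties": {"msg": "TCP request from 203.0.113.25:50522 to 198.51.100.10:443 was DNAT'ed to 10.0.2.4:443"}}
{"category": "AzureFirewallNetworkRule", "time": "2021-07-27T20:55:07Z", "properties": {"msg": "TCP request from 203.0.113.77:12518 to 198.51.100.10:2323. Action: Deny"}}
{"category": "AzureFirewallApplicationRule", "time": "2021-07-27T20:56:12Z", "properties": {"msg": "HTTPS request from 10.0.2.4:51990 to example.com:443. Action: Allow"}}
{"category": "AzureFirewallNetworkRule", "time": "2021-07-27T20:57:40Z", "properties": {"msg": "TCP request from 192.0.2.80:40111 to 198.51.100.10:3389 was DNAT'ed to 10.0.2.5:3389"}}
{"category": "AzureFirewallNetworkRule", "time": "2021-07-
"""

if __name__ == "__main__":
    print(to_csv(dnat_records(SAMPLE.splitlines())), end="")
```

Joining the resulting `client_ip` and `time` columns against the application's own logs (keyed on backend IP and port) gives the application team the original client address for a given session.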

