Share via

Our azure firewal is natting incoming traffic to it's own inside

Buyani Ngwenya 21 Reputation points
2021-07-27T21:08:27.363+00:00

Our azure firewal is natting incoming traffic to it's own inside IP however we need to know/see the client source IP in order for them to autheticate on our application and also for troubleshooting reasons- is it possible to run a query on the firewall to get the client source IP and send it to an API dashboard or another server which the Application team can use when they want to troubleshoot issue's using the client source IP

Azure Firewall
Azure Firewall

An Azure network security service that is used to protect Azure Virtual Network resources.

0 comments

Answer accepted by question author

GitaraniSharma-MSFT 50,197 Reputation points Microsoft Employee Moderator
2021-07-28T06:31:38.937+00:00

Hello @Buyani Ngwenya ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

You can use Azure Firewall Workbook. Using Azure Firewall Workbook, you can gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses.

Azure Firewall Workbook provides:

  • Application rule log statistics which shows unique sources of IP address over time, application rule count usage, denied/allowed FQDN over time, and filtered data. You can filter data based on IP address.
  • Network rule log statistics which provides a view by rule action – allow/deny, target port by IP and DNAT over time. You can also filter by action, port, destination type and logs based on time window.

Before deploying Azure Firewall Workbook, you should enable diagnostic logging through the Azure portal.
Reference : https://learn.microsoft.com/en-us/azure/firewall/firewall-diagnostics#enable-diagnostic-logging-through-the-azure-portal

Then deploy Azure Firewall workbook following the below article:
https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook

And monitor logs using Azure Firewall workbook:
https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook

You can use Azure Firewall Workbook to create rich visual reports within the Azure portal. You can also connect to your storage account and retrieve the JSON log entries for access and performance logs. After you download the JSON files, you can convert them to CSV and view them in Excel, Power BI, or any other data-visualization tool.

Kindly let us know if the above helps or you need further assistance on this issue.

----------------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Was this answer helpful?

0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.