Azure Firewall outbound through specific public IP

OJA 76 Reputation points
2022-05-16T10:49:43.457+00:00

As far as I have read, it's not possible to NAT certain subnets through a specific public IP on the firewall.
I.e., the firewall will pick the outbound IP randomly.
As I'm trying to consolidate our public IPs into an Az Firewall, this is a little unfortunate, as we have external partners that have whitelisted one or another of the IPs I want to add to the firewall.
Do you know if it's in the backlog to add this functionality to Az Firewall, or would we need to look into a 3rd party NVA?

Azure Firewall

Accepted answer
  1. Alan Kinane 16,786 Reputation points MVP
    2022-05-16T11:33:39.607+00:00

    I'm not sure if this is on the backlog or not, but for now I think you have two options here when using Azure Firewall.

    Option 1: Use an IP address prefix for your outbound public IP addresses, so at least then you will know the range to whitelist.
    https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-address-prefix

    Option 2: Deploy a NAT gateway to the Azure Firewall subnet; this will route all outbound traffic through the NAT gateway and use its public IP address.
    https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview

    4 people found this answer helpful.
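
Option 2 from the accepted answer as an Azure CLI sketch. This is an added example, not part of the original answer; the resource names are hypothetical placeholders. It assumes the allowlisted address already exists as a Standard SKU static public IP that is not attached to another resource.

```shell
#!/usr/bin/env bash
# Added example: send Azure Firewall egress through a NAT gateway so outbound
# traffic leaves from a known public IP. Names below are placeholders (assumptions).
RG="${RG:-rg-hub}"                       # resource group holding the hub VNet
VNET="${VNET:-vnet-hub}"                 # VNet that contains the firewall
NATGW="${NATGW:-natgw-fw-egress}"        # NAT gateway to create
PIP="${PIP:-pip-partner-allowlisted}"    # existing public IP the partners have allowlisted
FW_SUBNET="AzureFirewallSubnet"          # subnet name Azure Firewall requires

# Dry run by default: print each command. Set APPLY=1 to execute against Azure.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Create the NAT gateway with the known public IP, then bind it to the firewall subnet.
pin_firewall_egress() {
  run az network nat gateway create \
    --resource-group "$RG" --name "$NATGW" --public-ip-addresses "$PIP"
  run az network vnet subnet update \
    --resource-group "$RG" --vnet-name "$VNET" --name "$FW_SUBNET" --nat-gateway "$NATGW"
}

# Check the association: a non-empty resource ID means the subnet egresses via the NAT gateway.
verify_firewall_egress() {
  run az network vnet subnet show \
    --resource-group "$RG" --vnet-name "$VNET" --name "$FW_SUBNET" \
    --query natGateway.id --output tsv
}

pin_firewall_egress
verify_firewall_egress
```

Review the printed commands first, then rerun with `APPLY=1` from a session that is already logged in with `az login`.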
