Routing Traffic from Azure Front Door to App-Gateway by Azure FW in Hub-Spoke
Hello, I am working to build a concept by Hub-Spoke architecture. I am using Azure Front Door as a global service to route incoming requests. A hub and spoke are deployed and they are configured with each other by VPN Gateway to transport traffic…
Azure peering with Firewall
Hi All, I have the following: Hub: Hub-VNet: address space: 10.0.0.0/16; Firewall subnet: 10.0.1.0/24; RouteTable. Spoke1: Spoke1-VNet: address space: 10.1.0.0/16; Subnet1: 10.1.0.0/24; spoke1-vm:…
Spoke to onprem connection
Hi All, I just deployed this ARM template from Microsoft. I created a rule on the firewall to allow ping from on-prem VM to the spoke VM as follows: name: allowping protocol: ICMP: Source Addresses:…
Best practice and use case scenario of Azure Firewall?
People, I'd like to know what the best-case scenario for deploying and using Azure Firewall in my production Subscription is. From what I can see, the KeyVault and Storage Account already have their own Firewall feature built in, therefore it is only…
Can I run one WAF policy using version 3.1 of the OWASP rules and another policy using version 3.2?
Hi, Could somebody confirm whether it's possible to have WAF policies running different versions of the OWASP rules, i.e. one WAF policy using 3.1 and one using 3.2? The message below is what I get when I set up a new WAF policy and choose version…
Azure Firewall outbound through specific public IP
As far as I have read, it's not possible to NAT certain subnets through a specific public IP on the firewall, i.e. the firewall will pick the outbound IP randomly. As I'm trying to consolidate our public IPs into an Az Firewall this is a little…
Azure ASAv/FTDv: Are HTTP requests (GET/POST/PUT/DELETE) supported on IPv6 interfaces using the REST API?
Hi, I'm trying to test HTTP requests (GET/POST/PUT/DELETE) on Azure ASAv/FTDv. The following is configured on the ASA side, and I am able to access the REST API doc page via the IPv4 interface. However, the same via IPv6 is not loading. Am I missing any config here, or http…
Accessing Azure Storage Accounts with Selected Network Enabled
As per the requirements, I need to enable Firewall with Selected Network ON for Azure Storage Accounts. But when I do the same along with adding all required IPs, Azure Function App and Azure Data Factory are going down. Currently the VNET is…
Customer-peered VNet with its own gateway to its own on-prem needs to transit our VNet to our on-prem.
Looking for the best solution for this. We are peered with a customer's VNet. The customer has their own gateway to their own on-prem, so them using our gateway isn't an option. How can their VNet transit our VNet to our on-prem? Would a pfSense firewall…
Azure FortiGate unable to ping jump server which is in the same VNet
Hello All, I have encountered one issue: we have implemented a FortiGate firewall in Azure (IP address We log in to the firewall through a virtual machine (jump server) (10.127.2.6). When I try to ping from the FortiGate CLI to the jump server I am unable to do so. Both…
Azure Firewall premium IDPS support
I want to know how the IDPS will work in case of a file upload (malware): will that be detected and blocked as part of Azure Firewall traffic? Do we need to enable TLS inspection to test this for HTTPS-based traffic? Does it scan the whole…
Azure Firewall Policy - Rule collection Group limit
According to the service limits docs https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-firewall-limits, the current limit on the number of rule collection groups in a Firewall Policy is 50. …
Azure Firewall DNAT
Hello, I'm working on configuring Azure Firewall for my virtual machines. I created a DNAT rule that allows RDP to one of my VMs, and it works perfectly. However, I discovered that adding a second DNAT rule to allow RDP to a different VM didn't work…
"IP Group" azurerm_firewall_policy_rule_collection_group
I have to implement "IP Groups" in an Azure Firewall Policy Rule Collection using Terraform, but I am not able to find any code block I can refer to in order to create it. Maybe someone else already did and can share it?
On-premises network routing to internet via Azure S2S
I have a test device that works on US internet only. We are an organization working for US clients. So, to make the device work for test purposes, we need to route all traffic from the device via Azure to the internet. How can we do that? Please help me to find me…
Attaching Azure Firewall Policy with Hub using Terraform
We are using hub and spoke architecture for creating a landing zone on Azure. We are using Terraform for infra provisioning. We have created VWAN, Hub, Firewall & Firewall Policy using…
Application gateway + Azure Firewall (directly going via internet)
I was trying a zero-trust setup to achieve the route from Application Gateway -> central Azure Firewall -> App Service (web app). But I cannot see the traffic from the Application Gateway going via AzFw. The current route which has been set up on the Application…
How do you integrate a branch network whose address space overlaps spokes
I have a VWAN/Secure Hub topology in Azure with the hub and all of its internal spokes living in the 172.16.0.0/16 -> 172.24.0.0/16 spaces. Internally, this all works just fine. Now I need to be able to integrate external data centers by…
Azure Firewall Policy during region failure
I have the below architecture in Azure - Two Virtual Networks -- vnet1 (region: East US), vnet2 (region: West US). Two Firewalls -- fw1 (on vnet1, East US), fw2 (on vnet2, West US). One Firewall Policy in East US -- fwpolicy (attached to both…
Filter P2S traffic through Azure Firewall to spokes
Hello! I'm trying to force all the P2S traffic through Azure Firewall to be able to reach the spoke VNets. I have the following topology: 1 hub VNet (10.1.0.0/16) with 2 subnets (GatewaySubnet (10.1.1.0/27) / AzureFirewallSubnet (10.1.2.0/24)) with…