Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
577 questions
1 answer
One of the answers was accepted by the question author.
Routig Traffic from Azure Front Door to App-Gateway by Azure FW in Hub-Spoke
Hallo, i am working to build a concept by Hub-Spoke architecture. I am using Azure Front Door as a global service to route incoming requests. A hub and spoke are deployed and they are configure with each other by VPN Gateway to transport traffic…
asked 2022-03-21T14:14:01.347+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 14.000000000000002%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Mohamed Elashkr
21
Reputation points
commented 2022-06-30T16:59:35.257+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 92%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Pardhasaradhi Reddy Vallapareddy
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Azure peering with Firewall
Hi All I have the following: Hub: ----- Hub-Vnet: address space: 10.0.0.0/16 Firewall: subnet: 10.0.1.0/24 RouteTable Spoke1: -------- Spoke1-VNet: address space: 10.1.0.0/16 Subnet1: 10.1.0.0/24 spoke1-vm:…
asked 2022-06-20T17:21:21.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 5%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Jean-Claude Kalunga
21
Reputation points
commented 2022-06-24T11:58:42.77+00:00
GitaraniSharma-MSFT
47,011
Reputation points Microsoft Employee
2 answers
Spoke to onprem connection
Hi All, I just deployed this ARM template from Microsoft. I created a rule on the firewall to allow ping from on-prem VM to the spoke VM as follows: name: allowping protocol: ICMP: Source Addresses:…
asked 2022-06-22T19:06:45.497+00:00
Jean-Claude Kalunga
21
Reputation points
answered 2022-06-22T20:34:49.227+00:00
Dave Patrick
426.1K
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
Best practice and use case scenario of Azure Firewall ?
People, I'd like to know the best-case scenario for deploying and using Azure Firewall in my production Subscription is? From what I can see, the KeyVault and Storage Account already have their own Firewall feature built in, therefore it is only…
asked 2022-06-14T03:19:39.747+00:00
EnterpriseArchitect
4,721
Reputation points
commented 2022-06-22T11:17:45.467+00:00
EnterpriseArchitect
4,721
Reputation points
1 answer
One of the answers was accepted by the question author.
Can I run on WAF policies using version 3.1 of the OWASP rules and another policy using version 3.2?
Hi, Could somebody confirm whether it's possible to have WAF policies running different versions of the OWASP rules i.e. one WAF policy using 3.1 and one using 3.2. The message below is what I get when I set up a new WAF policy and choose version…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 62%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Azure Firewall outbound through specific public IP
As far as I have read, it's not possible to NAT certain subnets through a specific public IP on the firewall. I.e the firewall will pick the outbound IP randomly. As I'm trying to consolidate our public IPs into an Az Firewall this is a little…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 8%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
0 answers
Azure ASAv/FTDv : Is http requests (GET/POST/PUT/DELETE) supported on IPv6 interfaces using rest-api?
Hi, I'm trying to test http requests (GET/POST/PUT/DELETE) on Azure ASAv/FTDv. Below is configured at ASA side and able to access rest-api doc page via IPv4 interface. However, same via IPv6 is not loading up. Am I missing any config here or http…
asked 2022-06-01T06:39:00.13+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 61%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Aswin Antony
1
Reputation point
commented 2022-06-07T07:08:21.383+00:00
Aswin Antony
1
Reputation point
1 answer
Accessing Azure Storage Accounts with Selected Network Enabled
As per the requirements, I need to Enable Firewall with Selected Network ON for Azure Storage Accounts. But when I do the same along with adding all required IPs, Azure Function App and Azure Data Factory is going down. Currently the VNET is…
asked 2022-05-26T15:57:59.773+00:00
Mukteswar Patnaik
1
Reputation point
commented 2022-06-07T06:37:43.237+00:00
Mukteswar Patnaik
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Customer peered Vnet with it's own gateway to it's own on-prem needs to transit our Vnet to our on-prem.
Looking for the best solution for this. We are peered with a customer's Vnet. Customer has their own gateway to their own on-prem so them using our gateway isn't an option. How can their Vnet transit our Vnet to our on-prem? Would a PF Sense firewall…
asked 2022-06-02T18:27:44.353+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 39%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
RCN Admin
21
Reputation points
commented 2022-06-02T22:35:04.2+00:00
Takahito Iwasa
4,841
Reputation points MVP
1 answer
Azure Fortigate unable to ping jump server which is in same VNET
Hello All, I have encountered one issue ,we have implemented fortigate firewall in Azure.( IP address We login to firewall through Virtual machine(jump server) (10.127.2.6) When I try to ping from fortigate CLI to Jump server I am unable to do so. Both…
asked 2022-05-31T06:57:36.823+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 73%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Ganesh Thorave
31
Reputation points
answered 2022-06-01T21:39:32.313+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
22,386
Reputation points Microsoft Employee
2 answers
Azure Firewall premium IDPS support
I want to know how the IDPS will work in case of a file upload (malware) will that will be detected and blocked as part of Azure firewall traffic? Do we need to enable the TLS inspection to test this for HTTPS based traffic. Does it scan the whole…
asked 2022-05-31T13:14:43.687+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 31%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
venkatesh pillai
21
Reputation points
commented 2022-06-01T08:46:53.147+00:00
venkatesh pillai
21
Reputation points
2 answers
One of the answers was accepted by the question author.
Azure Firewall Policy - Rule collection Group limit
According to the service limits docs https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-firewall-limits the current limit on number of rule collection groups in a Firewall Policy is 50. …
asked 2021-11-12T12:55:13.03+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 72%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Mats Estensen
26
Reputation points
answered 2022-05-30T17:58:11.457+00:00
Mats Estensen
26
Reputation points
2 answers
Azure Firewall Dnat
Hello, I'm working on configuring Azure firewall for my virtual machines. I created a Dnat rule that allows RDP to one of my VMs, and it works perfectly. However, I discovered that adding a second Dnat rule to allow RDP to a different VM didn't work…
asked 2022-04-24T09:50:23.913+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 1%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Adekunle Deen
21
Reputation points
commented 2022-05-25T21:06:29.533+00:00
Adekunle Deen
21
Reputation points
1 answer
One of the answers was accepted by the question author.
"IP Group" azurerm_firewall_policy_rule_collection_group
I have to implement "IP Groups" Azure Firewall Firewall Policy Rule Collection using terraform but I am not able to find any code block which I can refer to create it. May be some one else already did and can share it?
asked 2022-05-20T15:02:29.097+00:00
Kaushalendra Kumar
106
Reputation points
accepted 2022-05-23T16:00:21.907+00:00
Kaushalendra Kumar
106
Reputation points
1 answer
One of the answers was accepted by the question author.
On premise network routing to internet via azure s2s
I have a test device that works on us internet only. we are the organization working for US clients. So to make the device work for test purpose we need to route all traffic from device via azure to internet. How can we do that please help me to find me…
asked 2022-05-19T16:35:10.377+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 42%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
Niraj Shakya
21
Reputation points
accepted 2022-05-22T03:58:21.61+00:00
Niraj Shakya
21
Reputation points
1 answer
One of the answers was accepted by the question author.
Attaching Azure Firewall Policy with Hub using Terraform
Attaching Azure Firewall Policy with Hub using Terraform We are using hub and spoke architecture for creating landing zone on azure. We are using Terraform for infra provisioning. We have created VWAN, Hub, Firewall & Firewall policy using…
asked 2022-05-20T07:15:27.833+00:00
Kaushalendra Kumar
106
Reputation points
accepted 2022-05-20T14:52:39.287+00:00
Kaushalendra Kumar
106
Reputation points
1 answer
One of the answers was accepted by the question author.
Application gateway + Azure Firewall (directly going via internet)
I was trying to zero trust setup and achieve the route from application gateway -> central Azure firewall -> (webapp)App Service. But i cannot see the traffic from applicationgw going via AzFw The current route which has been setup on application…
asked 2022-05-11T18:47:29.233+00:00
venkatesh pillai
21
Reputation points
accepted 2022-05-14T06:34:11.833+00:00
venkatesh pillai
21
Reputation points
1 answer
How do you integrate a branch network whose address space overlaps spokes
I have a VWAN/Secure Hub topology in Azure with the hub and all of its internal spokes living in the 172.16.0.0/16 -> 172.24.0.0/16 spaces. Internally, this all works just fine. Now I need to be able to integrate external data centers by…
asked 2022-05-11T20:44:15.903+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 69%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Steve Down
96
Reputation points
commented 2022-05-12T01:32:04.997+00:00
ChaitanyaNaykodi-MSFT
22,386
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Azure Firewall Policy during region failure
I have the below architecture in Azure - Two Virtual Network -- vnet1 (region: East US), vnet2 (region: West US) Two Firewall -- fw1(on vnet1, East US) , fw2(on vnet2, West US) One Firewall Policy in East US -- fwpolicy(attached to both…
asked 2021-10-06T11:47:54.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 0%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Sourav
21
Reputation points
answered 2022-05-09T16:20:26.887+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 14.000000000000002%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Brant Boyd
1
Reputation point
1 answer
Filter P2S traffic through Azure Firewall to spokes
Hello ! I'm trying to force all the P2S traffic through azureFirewall to be able to reach spokes vnets. I have the following topology : 1 hub vnet (10.1.0.0/16)with 2 subnets (GatewaySubnet (10.1.1.0/27)/ AzureFirewallSubnet(10.1.2.0/24)) with…
asked 2022-05-02T06:20:30.5+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 60%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Cloudy
186
Reputation points
commented 2022-05-04T13:44:29.4+00:00
GitaraniSharma-MSFT
47,011
Reputation points Microsoft Employee