Using Azure Firewall to regulate traffic between subnets of a Virtual Network
We have a Virtual network (e.g. 10.x.0.0/19) with multiple subnets (10.x.1.0/24, 10.x.2.0/24, 10.x.3.0/24) and an Azure Firewall. We have custom Route Tables assigned to subnets to direct traffic to the Firewall interface. An Azure Firewall regulates N/S…
Change Azure Firewall from Force Tunneling to use the Azure FW for Internet traffic
Hi, we have recently migrated most of our workload from on-prem to Azure and we have currently S2S VPN connections between 2 of our on-prem sites and Azure. For phase 1, we used FW in force Tunneling mode to force all Internet traffic to our on-prem FW…
Delay after whitelisting an IP address
Hi, I have a GitHub action that builds and deploys a static website into an Azure Storage account. By default the storage account's firewall rules deny incoming connections so I need to whitelist the GitHub runner's current IP for the duration of the…
Application Gateway Configuration for Seatable.
Hello, I am not familiar with seatable and would require help with setting up application gateway to access seatable application in Azure. Environment: Hub and Spoke Network Topology. Application gateway and firewall are deployed as shared resources…
Delete Azure Firewall - Visual Studio Subscription
Hello, I need help with the following problem: I ran out of monthly credit in Azure with my Visual Studio Subscription. I have an Azure Firewall that I want to delete. If I click on delete, I get the error: 'Azure Firewall firewall1 failed to dereference…
Effect of enabling DNS proxy in Azure Firewall.
My environment has an Azure firewall configured as a shared resource. Connection to smpt.office365.com in the above firewall was configured using application firewall rule to port 587, but we are unable to send emails. The plan is to re-configure the…
Rule swap in azure firewall
Hi, Since this week when I perform a Terraform plan against my Azure Firewall, rules are listed in random order in the rule collection and the same goes for rule parameters. If I apply this plan, real changes are done against the firewall which last more…
How would I allow connections from my V-NET hosts to *.azurewebsites.net/*?
I've tried using a Network rule that allows traffic to AppService tag. My clients in the V-NET attempt to connect to something.azurewebsites.net/restofpath So far I just get 403 errors.
Confirm if IDPS in Azure firewall is active when behind Azure Application Gateway WAF
My scenario is: [Internet] -> [Azure AGWAF] -> [Azure Firewall] -> [Load Balancer] -> [App Servers] Azure Firewall is Premium, with IDPS & Threat Intelligence enabled. Inbound HTTPS traffic hits the AGWAF, is (WAF) filtered and then…
What is https://aka.ms/. Why is this firewalled?
Is https://aka.ms/vs/17/release/vs_enterprise.exe safe? I can't access anything from Microsoft anymore because https://aka.ms/ is blocked behind my company firewall. What is https://aka.ms/? Why did Microsoft start putting all MSDN downloads…
NSG - Network security group - How to block traffic
Hi, I have a virtual network and subnet 10.185.23.0/24 in it. There is VM with IP 10.185.23.4. We have domain controllers in separate Vnet and subnet 10.185.4.0/26. I want to block any outgoing traffic towards one of the domain controllers 10.185.4.7…
Azure Firewall upgrade and preservation of public IP
Hello! I have a question about upgrading the SKU of Azure Firewall. If I change from Standard to Premium using "Azure Firewall easy upgrade/downgrade", will the public IP that is added to the Secured Virtual Hub still be preserved? Thank you.
Sample Log Analytics queries are just wrong
When I go to logs in the Azure Portal for the Firewall and it drops me into Log Analytics, but the sample queries don't work. This is really poor quality and I don't understand why it's allowed to happen. As a user of the service I shouldn't have to…
Route all outgoing traffic from Azure VM via Azure Firewall to on-premise
We are utilizing a Hub and Spoke network topology within our Azure environment and are aiming to establish a network architecture that mirrors this setup. Specifically, we have an Azure VM located in a Spoke (subnet) that is paired with the Hub Vnet…
How to get all firewall rules with all the properties via Azure Resource Graph?
Hi, I need help with proper formulation of a query that would give me all firewall rules with all properties so it can be saved as a CSV file. All rules from a particular directory.
Azure Firewall TLS inspection fails with handshake failure, alert 40
interCA-old.pfx.txt Hello, I'm trying to setup Azure Firewall with TLS inspection. I cannot get past one problem. Problem: Firewall fails to process rule. Chrome/Edge browser error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH openssl error: $ openssl s_client…
Add o365 rules to Azure Firewall
Hi, I need to add all the necessary Firewall rules for VMs in our Azure estate so they can activate against Microsoft's servers. What are the ports/URLs needed for this? And how do I go about implementing into Azure firewall? Kind regards
Azure Firewall I see the
Azure Firewall reports the following problems: Failed to resolve FQDN microsoftmetrics.com. Error lookup microsoftmetrics.com on 127.0.0.53:53: no such host; DNS resolution returned no IPs. It comes from AzureFirewallSubnet subnet. So seems that Azure…
Network configuration to allow communication with new IP addresses for Azure Data Factory
I need to understand what changes are required on NSG and Firewall Perspective for below alert? Recommended action If you're affected, notify your network infrastructure team to update your network configuration to add these new IP addresses by 1 April…
Hosting Django Server in port 8000 and accessing it from ip address
Hello, I went to django manage.py runserver 0.0.0.0:8000 which runs server perfectly but I am unable to access it from azure public ip address as mentioned on both network interface or virtual machine eg: http://