Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
580 questions
1 answer
One of the answers was accepted by the question author.
Can you create your own custom IDPS Signatures/Rules
Is there a way to create custom IDPS signatures like with mainstream NGFW providers (Palo Alto, Fortinet, Checkpoint, Snort etc.) for the Azure Firewall Premium? Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 75%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Pass Client IP to the webserver behind Azure Firewall
Is it possible to Pass Client IP to the webserver behind Azure Firewall, need to obtain the original client IP's which connect to my webserver behind the azure firwall
asked 2022-04-04T18:01:39.563+00:00
Padman Prasantha De Silva
21
Reputation points
accepted 2022-04-05T04:15:18.553+00:00
Padman Prasantha De Silva
21
Reputation points
1 answer
Azure Firewall
Need to get the source IP of the client who is connecting from outside to my webserver behind a Azure Firewall NAT rule
asked 2022-04-02T04:47:59.95+00:00
Padman Prasantha De Silva
21
Reputation points
answered 2022-04-04T10:58:15.553+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 32%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
yusuke
81
Reputation points Microsoft Employee
4 answers
One of the answers was accepted by the question author.
Point-to-Site VPN protected by Azure firewall from the outside
Hello, I am wondering how I could configure the hub to route traffic as follows: p2s tunnels over the internet -> azure FW - > vpnGateway - > AzureFW -> vnet subnets (and back to p2s clients the same way) tia
asked 2021-07-20T16:48:53.19+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 69%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Marek Kurowski
21
Reputation points
commented 2022-04-01T19:12:10.06+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 41%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Jeremy
136
Reputation points
1 answer
Azure Firewall Log Query - Src and Dst IP Only
Hi folks - newbie here so excuse me - don't worry i'll stop asking basic qtns here very soon [hopefully] Can I please ask someone to share script to run query for defined source / destination IP only only. So in other words, show me all flow with the…
asked 2022-03-15T15:39:29.63+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 17%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Ajaz Nawaz
21
Reputation points
answered 2022-03-25T21:38:46.723+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
23,341
Reputation points Microsoft Employee
1 answer
Avoiding Preflight calls
I have frontend react app deployed in Az CDN and backend in Az App service. How can I avoid CORS issue i.e. avoiding preflight calls? Please suggest a solution.
asked 2022-01-21T13:26:56.4+00:00
Anantha Subramanian
46
Reputation points
commented 2022-03-22T07:16:22.017+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 28.000000000000004%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
Ganeshraj Kandasamy
1
Reputation point
2 answers
One of the answers was accepted by the question author.
How to set up a multi-spoke virtual network in Azure Firewall
Can you tell us how to configure multiple-spoke virtual networks in Azure Firewall when you adopt a hub-spoke network topology in Azure?
asked 2021-08-17T05:29:13.52+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 6%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
清水隆宏 / SHIMIZU,TAKAHIRO
106
Reputation points
commented 2022-03-16T13:10:15.993+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Cannot Delete Azure Firewall
Hi Folks, I am not able to delete azure firewall, error: Failed to delete the Azure Firewall 'AZFW01'. Error: Azure Firewall AZFW01 failed to dereference Firewall Policy…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 37%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ2%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Hub & Spoke with Azure Firewall - Integrating External Businesses
Hi, I need to find a solution to integrate external businesses into our Azure Hub & Spoke environment with an Azure Firewall. By external businesses I am meaning businesses that we own as a group but are not connected to our normal MPLS network. I…
asked 2021-12-31T12:19:59.117+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 78%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Son
306
Reputation points
commented 2022-03-15T14:39:36.57+00:00
EnterpriseArchitect
4,866
Reputation points
1 answer
Assigning external IP to subnets
I am looking into the functionality of Azure in comparison to our existing on prem firewall. Currently we have a batch of external IPs broken up and assigned to one of the vnets on our firewall. i.e. Subnet 1 uses External IP 1 to go out to the…
asked 2022-03-08T19:46:06.953+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 18%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
ACC_Admin_720
1
Reputation point
answered 2022-03-09T01:34:57.29+00:00
suvasara-MSFT
10,011
Reputation points
4 answers
One of the answers was accepted by the question author.
Is there a way to restrict SSH access to Azure VMs by country instead of a specific IP range?
We are looking for a way to improve the security of remote access. Our teams with SSH access are only in a few countries. Restricting the SSH source country or even city would be the ideal strategy, which is clearer, simpler and more flexible than a…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 88%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
1 answer
Route all Virtual Gateway P2S traffic through Azure Firewall
I'm trying to set up a firewall between a P2S Virtual Gateway connection and the remainder of my Azure network but having trouble figuring out how to set it up. As a simplified architecture, I have two VNets "hub" and "spoke" and…
asked 2022-02-08T19:58:01.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 80%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENL%3C/text%3E%3C/svg%3E)
Nathan Loika
1
Reputation point
commented 2022-02-18T16:42:03.807+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT
17,206
Reputation points
1 answer
Azure Firewall Health and SNAT Ports usage shows unavailable after 3 days.
Azure Firewall Health and SNAT Ports usage shows unavailable after 3 days. Earlier, SNAT was 0% and Health state was 100%. What could have gone wrong. Probably I was enabling log analytics for this Firewall that day. Tried to remove it to rule that…
asked 2022-02-10T12:44:03.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 1%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Jayadeava Balaraja
1
Reputation point
answered 2022-02-15T16:42:48.107+00:00
Jayadeava Balaraja
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Azure Firewall Network Rule for O365 - Error "Invalid argument: 'Malformed IP address: 2603:1006:1400::'"
Hi Community Just wondering if I'm completely off-the-mark here and someone can provide insights from experience. While configuring Azure Firewall Network rule for Office 365 IP Address ranges as suggested here-->…
asked 2021-12-17T05:58:05.833+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Taranjeet Malik
446
Reputation points
accepted 2022-02-14T07:51:01.323+00:00
Taranjeet Malik
446
Reputation points
1 answer
Hub spoke architecture public access
Hello I am hoping to get a conformation about a best practice concearning the hub spoke architecture. We have a hub spoke architecture. It has a expressroute connection between the onprem network and Azure. The er gateway is in the hub network, so is…
asked 2022-01-18T22:53:08.417+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 25%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
C.J. Vieleers
106
Reputation points
answered 2022-02-13T12:05:04.553+00:00
C.J. Vieleers
106
Reputation points
1 answer
Azure +Cisco Meraki+Azure route server
Hello, Do we have any approved pattern for Cisco Meraki on Azure with Azure route server and PA firewall? We have a Hub n Spoke topology in 2 region and in each region we have Meraki+ARS+PA firewall. Have someone attempted something likethis? Any…
asked 2021-09-22T08:11:23.503+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 55.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mohammed Thahif BK
341
Reputation points
commented 2022-02-08T13:37:24.237+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 37%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Debayan Chowdhury
1
Reputation point
1 answer
Azure Advisor - Virtual Network should be protected by Azure Firewall
Azure Advisor is suggesting that we protect our virtual network by Azure Firewall (Low alert) but in the process of doing this, it is asking us for Public IP address . This is risky, why would we want to have poke a hole to have a Public IP address. …
asked 2022-01-28T18:37:24.823+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
JKFrancis
76
Reputation points
answered 2022-02-02T10:29:22.817+00:00
GitaraniSharma-MSFT
47,931
Reputation points Microsoft Employee
1 answer
Target FQDNs in application rules
According to this https://learn.microsoft.com/en-us/azure/firewall/firewall-faq Azure fw supports: TargetURL www.contoso.com/test When I try adding this it won't allow me to. However I can enter wildcard .contoso.com but not contoso.com/ Any…
asked 2022-01-21T04:35:40.257+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 15%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Deepak Malkan
1
Reputation point
commented 2022-01-31T22:37:12.103+00:00
SaiKishor-MSFT
17,206
Reputation points
1 answer
Why azure firewall (premium) deny'ing 443 traffic
We deployed Azure Firewall Premium in AzureFirewallSubnet subnet (10.100.0.128/25 ) I am seeing 443 traffic being denied, see the attached screen capture. How can know more about this traffic? Below is the screen capture of our…
asked 2021-03-25T03:50:24.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Porsche Me
131
Reputation points
answered 2022-01-28T08:15:34.347+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 35%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mocker, Thomas
1
Reputation point
1 answer
What are premium firewall options like IDS/IPS/TLS inspection based on ?
Is it a solution completely build by Microsoft or is based on other NGFW from vendors like PaloAlto, Cisco (Snort) and the likes?
asked 2022-01-27T17:18:17.47+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 87%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Clark_wfh
1
Reputation point
answered 2022-01-27T21:54:24.54+00:00
SaiKishor-MSFT
17,206
Reputation points