Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
585 questions
1 answer
Azure +Cisco Meraki+Azure route server
Hello, Do we have any approved pattern for Cisco Meraki on Azure with Azure route server and PA firewall? We have a Hub n Spoke topology in 2 region and in each region we have Meraki+ARS+PA firewall. Have someone attempted something likethis? Any…
asked 2021-09-22T08:11:23.503+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 55.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mohammed Thahif BK
341
Reputation points
commented 2022-02-08T13:37:24.237+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 37%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Debayan Chowdhury
1
Reputation point
1 answer
Azure Advisor - Virtual Network should be protected by Azure Firewall
Azure Advisor is suggesting that we protect our virtual network by Azure Firewall (Low alert) but in the process of doing this, it is asking us for Public IP address . This is risky, why would we want to have poke a hole to have a Public IP address. …
asked 2022-01-28T18:37:24.823+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
JKFrancis
76
Reputation points
answered 2022-02-02T10:29:22.817+00:00
GitaraniSharma-MSFT
48,196
Reputation points Microsoft Employee
1 answer
Target FQDNs in application rules
According to this https://learn.microsoft.com/en-us/azure/firewall/firewall-faq Azure fw supports: TargetURL www.contoso.com/test When I try adding this it won't allow me to. However I can enter wildcard .contoso.com but not contoso.com/ Any…
asked 2022-01-21T04:35:40.257+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 15%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Deepak Malkan
1
Reputation point
commented 2022-01-31T22:37:12.103+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT
17,216
Reputation points
1 answer
Why azure firewall (premium) deny'ing 443 traffic
We deployed Azure Firewall Premium in AzureFirewallSubnet subnet (10.100.0.128/25 ) I am seeing 443 traffic being denied, see the attached screen capture. How can know more about this traffic? Below is the screen capture of our…
asked 2021-03-25T03:50:24.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Porsche Me
131
Reputation points
answered 2022-01-28T08:15:34.347+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 35%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Mocker, Thomas
1
Reputation point
1 answer
What are premium firewall options like IDS/IPS/TLS inspection based on ?
Is it a solution completely build by Microsoft or is based on other NGFW from vendors like PaloAlto, Cisco (Snort) and the likes?
asked 2022-01-27T17:18:17.47+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 87%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Clark_wfh
1
Reputation point
answered 2022-01-27T21:54:24.54+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
HTTPS Conditional Access policy to VM
Hi everyone. I'm looking for the best way to lockdown HTTPS traffic to a VM for internal staff only. We have an Azure VM with an IIS website which is for internal staff access only. We have an Azure AD only environment with E5 licenses. Intune is…
1 answer
One of the answers was accepted by the question author.
CRS 3.2 Approved for Live Use
Do you know when CRS 3.2 will be released for live use, ie. no longer pubic preview. I really need to implement the larger request bodies that are allowed with WAF 3.2, which as I understand comes with CRS 3.2. Thanks in advance. JIm
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 55.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Firewall fortinet azure
Hello, what we need on Azure to have HA for our Fortinet Firewall of Azure marketplace already deployed,thank you
asked 2022-01-16T11:30:08.567+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 12%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEU%3C/text%3E%3C/svg%3E)
Edison Umaña Tamayo
21
Reputation points
accepted 2022-01-19T21:25:17.987+00:00
Edison Umaña Tamayo
21
Reputation points
2 answers
One of the answers was accepted by the question author.
gateway transit and remote gateways in azure
dears, a site to site vpn connection has been made between on premises and one azure vnet vnet1. and from vnet1 i have a peering connection onto a new azure vnet vnet2. if i want to achieve communication between on premises to vnet 2 and vice…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 26%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Need help deleting an orphaned Azure Firewall policy
I had an Azure Firewall in my VS Enterprise subscription and deleted it. Everything regarding the firewall could be deleted apart from a single firewall policy which is in status "Updating" since days. I always get the error: <policy…
asked 2022-01-13T10:32:51.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 75%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Peter Singhof
21
Reputation points
answered 2022-01-13T14:28:57.747+00:00
Peter Singhof
21
Reputation points
2 answers
p2s vpn setup
hi , our all site 2 site are connected to hub.we are usinng p2s vpn to access all those resources. But now we want to create a new p2s vpn which allow us to access only custom vnets instead of all the spoke net.PLease let me know how it is possible in…
asked 2021-12-23T20:27:45.163+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 15%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Ankita Rani Patro
176
Reputation points
answered 2022-01-10T09:37:28.427+00:00
SaiKishor-MSFT
17,216
Reputation points
2 answers
I can not access to my open port on azure virtual server
Hello i open my port 543 on azure vm and under my windows server firewall but there is not any way to connect remote, i try locally the port and i can access fine, the problem is when i try to access remotely. i have another ports and work fine, but 543…
asked 2021-12-01T00:49:02.43+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 73%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Alain H
1
Reputation point
answered 2022-01-10T08:44:33.217+00:00
SaiKishor-MSFT
17,216
Reputation points
0 answers
how to NAT public Ip and port to private ip/port on Azure Windows Server 2019
new to Azure. I have setup a Windows Server 2019 VM to be used as a controller for some Unify APs. I can't seem to figure out how to NAT the public IP and port to the private IP and Port so that the APs and the remote sites can find the Unifi…
asked 2021-12-28T19:16:48.773+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 3%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Marc Edwards
1
Reputation point
commented 2022-01-06T16:19:54.507+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
Zero Trust Setup for Dynamics 365 Entity Store in Data Lake?
Hi All, We have configured Dynamics 365 Finance and Operations to Connect to an Azure Data Lake using the below Microsoft Doc. https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/entity-store-data-lake We would…
asked 2022-01-05T16:50:05.697+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 48%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Alan Hunter
1
Reputation point
answered 2022-01-05T23:57:46.087+00:00
deherman-MSFT
34,201
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Allow Power Bi Dataset Access to Azure Resources
I have a Power Bi (M365/Azure kind, not on premise) dataset that is syncing data from one of my Azure SQL databases. This Azure database resource has its network firewall enabled to only allow connections from whitelisted public IP addresses. I am able…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 17%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
3 answers
AG WAF and firewall
We're planning a deployment in azure with an HUB-spoke topology The HUB VNET would have the ApplicationGatewayWAF Subnet, the FIrewall Subnet and the bastion host subnet Then we'll have a few spoke Vnets with segregated customer specific application…
asked 2021-12-27T17:31:37.827+00:00
Stefano Colombo
221
Reputation points
commented 2021-12-31T07:39:54.72+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
Hub and Spoke with Azure Firewall
Hi, Q1)In a hub and spoke setup in which azure firewall is the default route for all vnets, what happens if one of the spokes are unavailable? Does it keep sending traffic to the unavailable vnet to be dropped eventually? Q2)in azure route table,…
asked 2021-12-16T13:19:49.817+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 56.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
The Architect
1
Reputation point
answered 2021-12-27T12:22:03.403+00:00
SaiKishor-MSFT
17,216
Reputation points
1 answer
How to secure database and storage services from public access?
I have the below services and they have public access. Note: The virtual Machine is on-premise. Now, I want to remove public access and add some limited access policies. Regarding my research, In my opinion, I should add two…
asked 2021-12-12T12:05:04.923+00:00
Mohsen Akhavan
936
Reputation points
commented 2021-12-18T17:14:47.86+00:00
Mohsen Akhavan
936
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Firewall Logs
I have configured azure firewall, and we have many rules like Application rules, Network rule, and NAT rule. I want to filter only outgoing traffic logs, and incoming traffic logs separately. Is there any query to see only outgoing or only incoming…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 91%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
1 answer
Azure Firewall Exceptions for O365 and Defender
Hi We have deployed Azure Firewall in a hub-spoke topology where the spoke is hosting Azure Virtual Desktop (AVD) session hosts. I’ve gone through this this article for guidance on how to allow some of the basic Azure infra services (DNS, Health…
asked 2021-12-16T09:34:30.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Taranjeet Malik
446
Reputation points
answered 2021-12-17T11:32:19.3+00:00
SaiKishor-MSFT
17,216
Reputation points