Azure + Cisco Meraki + Azure route server
Hello, Do we have any approved pattern for Cisco Meraki on Azure with Azure route server and PA firewall? We have a Hub n Spoke topology in 2 regions and in each region we have Meraki+ARS+PA firewall. Has someone attempted something like this? Any…
Azure Advisor - Virtual Network should be protected by Azure Firewall
Azure Advisor is suggesting that we protect our virtual network by Azure Firewall (Low alert) but in the process of doing this, it is asking us for a Public IP address. This is risky, why would we want to poke a hole to have a Public IP address. …
Target FQDNs in application rules
According to this https://learn.microsoft.com/en-us/azure/firewall/firewall-faq Azure fw supports: TargetURL www.contoso.com/test. When I try adding this it won't allow me to. However I can enter wildcard .contoso.com but not contoso.com/ Any…
Why is Azure Firewall (Premium) denying 443 traffic
We deployed Azure Firewall Premium in the AzureFirewallSubnet subnet (10.100.0.128/25). I am seeing 443 traffic being denied, see the attached screen capture. How can I know more about this traffic? Below is the screen capture of our…
What are premium firewall options like IDS/IPS/TLS inspection based on ?
Is it a solution completely built by Microsoft or is it based on other NGFWs from vendors like Palo Alto, Cisco (Snort) and the like?
HTTPS Conditional Access policy to VM
Hi everyone. I'm looking for the best way to lock down HTTPS traffic to a VM for internal staff only. We have an Azure VM with an IIS website which is for internal staff access only. We have an Azure AD only environment with E5 licenses. Intune is…
CRS 3.2 Approved for Live Use
Do you know when CRS 3.2 will be released for live use, i.e. no longer public preview? I really need to implement the larger request bodies that are allowed with WAF 3.2, which as I understand comes with CRS 3.2. Thanks in advance. Jim
Fortinet firewall on Azure
Hello, what do we need on Azure to have HA for our Fortinet Firewall from the Azure Marketplace that is already deployed? Thank you
Gateway transit and remote gateways in Azure
Dears, a site-to-site VPN connection has been made between on-premises and one Azure VNet, vnet1, and from vnet1 I have a peering connection to a new Azure VNet, vnet2. If I want to achieve communication between on-premises to vnet 2 and vice…
Need help deleting an orphaned Azure Firewall policy
I had an Azure Firewall in my VS Enterprise subscription and deleted it. Everything regarding the firewall could be deleted apart from a single firewall policy which has been in status "Updating" for days. I always get the error: <policy…
P2S VPN setup
Hi, all our site-to-site connections are connected to the hub. We are using P2S VPN to access all those resources. But now we want to create a new P2S VPN which allows us to access only custom VNets instead of all the spoke networks. Please let me know how it is possible in…
I cannot access my open port on Azure virtual server
Hello, I opened my port 543 on the Azure VM and in my Windows Server firewall but there is no way to connect remotely. I tried the port locally and I can access it fine; the problem is when I try to access it remotely. I have other ports and they work fine, but 543…
How to NAT public IP and port to private IP/port on Azure Windows Server 2019
New to Azure. I have set up a Windows Server 2019 VM to be used as a controller for some Unifi APs. I can't seem to figure out how to NAT the public IP and port to the private IP and port so that the APs and the remote sites can find the Unifi…
Zero Trust Setup for Dynamics 365 Entity Store in Data Lake?
Hi All, We have configured Dynamics 365 Finance and Operations to Connect to an Azure Data Lake using the below Microsoft Doc. https://learn.microsoft.com/en-us/dynamics365/fin-ops-core/dev-itpro/data-entities/entity-store-data-lake We would…
Allow Power BI Dataset Access to Azure Resources
I have a Power BI (M365/Azure kind, not on premise) dataset that is syncing data from one of my Azure SQL databases. This Azure database resource has its network firewall enabled to only allow connections from whitelisted public IP addresses. I am able…
AG WAF and firewall
We're planning a deployment in Azure with a hub-spoke topology. The hub VNet would have the ApplicationGatewayWAF subnet, the Firewall subnet and the bastion host subnet. Then we'll have a few spoke VNets with segregated customer specific application…
Hub and Spoke with Azure Firewall
Hi, Q1) In a hub and spoke setup in which Azure Firewall is the default route for all VNets, what happens if one of the spokes is unavailable? Does it keep sending traffic to the unavailable VNet to be dropped eventually? Q2) In an Azure route table,…
How to secure database and storage services from public access?
I have the below services and they have public access. Note: The virtual machine is on-premise. Now, I want to remove public access and add some limited access policies. Regarding my research, in my opinion, I should add two…
Azure Firewall Logs
I have configured Azure Firewall, and we have many rules like Application rules, Network rules, and NAT rules. I want to filter only outgoing traffic logs, and incoming traffic logs separately. Is there any query to see only outgoing or only incoming…
Azure Firewall Exceptions for O365 and Defender
Hi, we have deployed Azure Firewall in a hub-spoke topology where the spoke is hosting Azure Virtual Desktop (AVD) session hosts. I’ve gone through this article for guidance on how to allow some of the basic Azure infra services (DNS, Health…