How to force all S2S VPN traffic through Azure firewall
Hi, we currently have a hub and spoke setup in Azure. The hub contains an Azure firewall, an ExpressRoute gateway and a VPN gateway. All traffic for the spokes is routed through the Azure firewall. We have IPSec VPNs over our ExpressRoute which terminate…
Azure Firewall inbound and Outbound Exceptions for APIM instance deployed in Internal VNet mode
Hi Community, I'm planning to deploy an APIM instance in "Internal" VNet injection mode in a hub-spoke topology where APIM is deployed to a spoke VNet and there's an Azure Firewall in the hub that polices all the inbound and outbound traffic. UDRs…
Firewall creation is failing while creating through terraform.
Firewall deployment is failing through Terraform Status: "InternalServerError" │ Code: "" │ Message: "An error occurred." │ Activity Id: "" │ │ --- │ │ API Response: │ │ ----[start]---- │…
Azure Firewall and VPN for remote user
We have servers in a remote location, and I am currently able to access them through a VPN client. However, I now need to set up a firewall and VPN with a dedicated public IP. Additionally, I would like to enable site-to-site VPN. If I connect to the…
How to configure Application Gateway before Azure Firewall to App Services
Dear Microsoft community, I have an application gateway setup with WAF with app services as the backend pool targets. I have also set up access restrictions in the app service networking to only allow traffic through application gateway. Till here…
Azure Premium Firewall creation fails with internalservererror
We are not able to deploy a premium firewall to an existing network in France Central. Details below: Correlation ID: 1ab562b8-4c91-4fd5-9647-113ff910cdc8 Status message: { "status": "Failed", "error": { …
Azure firewall migration from third party firewall
I am planning to migrate from a third-party firewall to Azure firewall without much downtime. Currently, all UDRs point to the third-party firewall appliance hosted in Azure. I have set up a firewall and an empty policy in Azure. I will be importing rules…
Azure Firewall & Application Gateway Regional Configuration Clarity
Hello team, Good day!! I have set up Azure Firewall and Application Gateway, which are 3+ years old now, and during that time, I believe there wasn't an option to choose zones for these two resources and if I check the properties in the JSON of it, I don't…
Inbound azure firewall rules to allow connectivity from Azure apim control plane to apim instance in internal mode
I'm having trouble configuring the Inbound Azure Firewall Rules to allow connectivity from the Azure APIM Control Plane to my APIM instance in internal mode. I've followed the instructions listed in the official documentation and have added the 4 Azure…
Hub & Spoke - P2S VPN Traffic via Azure Firewall
Is the following scenario supported? We have 3 Virtual Networks: VNET-01-UKSOUTH-PROD, VNET-01-UKWEST-PROD, VNET-02-UKWEST-PROD. VNET-01-UKSOUTH-PROD & VNET-01-UKWEST-PROD are peered. VNET-01-UKWEST-PROD & VNET-02-UKWEST-PROD are…
Azure firewall rule
Is there an Azure Firewall PowerShell script to import from CSV or converted JSON and deploy to Azure NetworkPolicyCollectiongroup? I have used PowerShell to export to CSV. I am adding 10 rule collection which repeats through the rules on the row…
AZ firewall parent policy
Is it possible to define two secured hubs with individual policies first and introduce and link a parent policy after a year once we have identified the common policies, or does the parent policy have to be created right at the beginning of the firewall deployment and…
How to route specific traffic through Azure Firewall via Site 2 Site BGP enabled VPN
I have two virtual networks on Azure: Vnet1 (10.1.0.0/16) and Vnet2 (10.2.0.0/16). These Vnets are connected by an Azure VPN gateway using Site-to-Site BGP enabled VPN. Currently, VM1 can ping VM2, and VM1 can also ping the firewall in Vnet2. I have…
How can I enforce Azure Firewall using Hub & Spoke with multiple subscriptions?
Hello, we are using classic hub/spoke with Express Route and want to manage a central firewall instance for all connections to on-prem. We have set up a dedicated subscription hosting an Express route, Hub VNet & Azure Firewall. The spokes peered with…
Azure Firewall for development cost reduction - I need to keep the static IP
I am in development and the app environment requires a static IP which is registered with 3rd party for their white list. This application also requires an SSL certificate for use as client certificate with this IP. I see that the Azure firewall on…
Missing description field for Azure Firewall Policy Rule Collection Group rules
In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the description field is listed as valid for individual rules:…
Filtering EAST-WEST Traffic - Azure Firewall
Does Azure Firewall support east-west traffic filtering, or should it only be used for north-south traffic filtering? In some doc I read that for inbound HTTP & HTTPS we need to use a web application firewall (Application Gateway).
How can I configure my .NET app to use Azure Firewall proxy in explicit mode?
I'm trying to use Azure Firewall in explicit proxy mode to test that my .NET app works when configured with a proxy. The .NET app uses the WebProxy class to configure the HttpClient:…
Upgrade to Premium Azure Firewall SKU
Hi, We are planning on upgrading our standard Azure FW SKU to a premium SKU soon using the upgrade function in the portal. The premium SKU introduces IDPS, I was just curious as to whether that is enabled by default once you upgrade or if it is something…
Storage Account with Private Endpoint. Can it be accessed from Public IPs through Azure Firewall?
I have a Storage Account with Private Endpoint. My Vnet is protected with Azure Firewall. Storage Account is accessible from On-premises or other (through Azure VPN GW) and from other peered Vnets. All traffic to the Storage Account Private Endpoint is…