connectivity issue over internet via azure firewall

Question

Hi Team,

I have a vm A in a vnet (SPOKE) region japan who talks to public ip on internet via azure firewall (HUB).

We have a udr default route pointing to Firewall , all traffic to internet goes via azure firewall.

We see that VM talks to destination public ip every 10 minutes and we can verify that in outbound nsg logs for VM but on firewall we dont see logs every 10 minutes. We are trying to see if azure firewall drops any packets since we had a disconnection issue 30 days back.

Does firewall only show logs for new session, how does azure firewall records the session?

This is north-south traffic

Answer 1

Hi @56789

Greetings!

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Does firewall only show logs for new session

Yes. Azure Firewall logs are mainly created for new sessions. This means that when a session is initiated i.e., a new connection is made, the firewall will record that event.

how does azure firewall records the session?

When a new connection is made. Azure Firewall records this event in its logs. This includes details like source and destination IP addresses, protocols, and the action taken (allow or deny).

Azure Firewall's structured logs provide a more detailed view of firewall events. They include information such as source and destination IP addresses, protocols, port numbers, and action taken by the firewall. They also include more metadata, such as the time of the event and the name of the Azure Firewall instance.

Refer this link: https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall#structured-azure-firewall-logs

If you have any further queries, do let us know.

Thanks,

Rohith

 

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.