How to allow outbound web traffic only
Hello, I have set up an Azure Firewall and routes to control all traffic via the Azure Firewall. The firewall is deployed in the Hub and attached to an ExpressRoute circuit (Hub/Spoke). Additionally, I have set up a rule collection group with the priority…
Azure Firewall DNS Proxy Failing to Resolve SCM Records in Private DNS Zones
I have a hub-and-spoke architecture in Azure where I'm using Azure Firewall in the hub as a DNS proxy. I have multiple private DNS zones configured in the hub and have established VNet links to my spoke networks. I've also added A records for my function…
Config Azure Firewall DNS for private endpoint without using Azure Private Resolver
Hello, Lately I configured a system like the one below. Here is some description: We have 3 VNets: VNet test (172.22.0.0/16). Inside this subnet, I set up a subnet (172.22.0.0/24) and a VM test inside this subnet. VNet Hub (10.18.0.0/16): inside this subnet I config…
I am unable to view service tags while adding a network rule in Azure Firewall.
Title Unable to View Service Tags When Adding a Network Rule in Azure Firewall Details I am unable to view service tags while adding a network rule in Azure Firewall. I am selecting the Destination type as Service Tag, but I can only see Office 365…
Azure Firewall Policy Analytics: "Rules with low utilization" 60/90 day time period
I have the following issue with Policy Analytics: When viewing 'Rules with low utilization' I want to change the time period to 90 days (using the cog in upper right of the pane), but the options for 60 and 90 days are greyed out. I can only select 30…
Traffic not flowing via azure firewall when using site to site vpn
I have created a site-to-site connection between AWS and Azure. In Azure, I have a firewall in place. When the gateway connection is established, traffic is not flowing through the Azure firewall. However, when the gateway connection is disconnected or…
How to get all firewall rules with all the properties via Azure Resource Graph?
Hi, I need help with proper formulation of a query that would give me all firewall rules with all properties so it can be saved as a CSV file. All rules from a particular directory.
Hub, Spoke - S2S VPN Traffic via Azure Firewall
Hello, Recently I created a system like the image below. I have configured 3 VNETs: VNET test (10.19.0.0/16): in this VNet, I configured a subnet (10.19.0.0/24) and a test VM (OS Windows Server 2022) with a public IP named publicIPDev. I want to remote to this…
Network latency between Azure Global VNet Peering
Hi Team, I have a scenario below. Users at the East US site access the webpage site1.abc.com which is hosted on a Citrix Netscaler in the Central US region. Users from the East US site connect in multiple ways, through VPN or AVD environment to access…
Using Azure Private Resolver with Firewall DNS proxy
Hi, I am currently looking at implementing Azure DNS private resolver (inbound and outbound endpoint subnets) within a hub-and-spoke network with the ultimate goal of resolving DNS to/from an on premise site located down a VPN connection and the spokes…
Connectivity issue over internet via Azure Firewall
Hi Team, I have a VM A in a VNet (SPOKE) in region Japan that talks to a public IP on the internet via Azure Firewall (HUB). We have a UDR default route pointing to the Firewall; all traffic to the internet goes via Azure Firewall. We see that VM talks to destination…
Azure private zone with on prem ADDNS
I had a requirement to use the Azure firewall proxy to capture and log DNS traffic coming Azure private link services. My plan was to set up a conditional forwarder for all private DNS resources from on prem to Azure firewall using firewall proxy to DNS…
Firewall turn on
https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#how-can-i-stop-and-start-azure-firewall Using the instructions a while back to save $$, we disabled the firewall; now I need to turn it back on. Wanting to stay with these docs by MS. What do I…
Does traffic from Azure Firewall to Service Tag like Azure Monitor stay on backbone
Hi, I have hosted some containers in Azure which are sending telemetry to Application Insight. We have a firewall in the connectivity hub. All spoke traffic (0.0.0.0/0) is routed to the firewall. So the outbound traffic from container to Application…
Unable to find list of FQDNs/IP Addresses that are part of FQDN and Service Tags on Azure Firewall
We know there are many FQDN tags and Service Tags for Azure firewall, informed in the below articles as well: https://learn.microsoft.com/en-us/azure/firewall/fqdn-tags https://learn.microsoft.com/en-us/azure/firewall/service-tags However, not able…
Do we need to enable Azure Firewall threat intelligence protection even if the communication is private via ExpressRoute circuit
We have a hybrid connectivity model set up in our environment where the on-premises network is connected to Azure via an ExpressRoute circuit with private peering enabled. On the Azure firewall policy we have explicitly denied outbound internet connectivity…
AKS Networking with Application Gateway and Azure Firewall
Hello everyone, I am currently implementing a solution in Azure that involves using Azure Kubernetes Service (AKS) as a backend, along with an Application Gateway for incoming traffic. Additionally, I have configured an Azure Firewall to manage outbound…
Can you add a Network rule with "*" in the namespace and an Application rule with port 445 in Azure firewall?
Hi Team, We have a requirement, wherein we have to allow a URL on Azure firewall with following requirement: URL: *.abc.com Port: 445 Now, I cannot create an application rule with port 445 and Network rule doesn't accept "*" in the URL.…
We have an Azure Virtual WAN deployment secured by Azure Firewall High Availability
Do I understand correctly that everything inside virtual WAN is deployed automatically in Availability zones? Besides the Azure Firewall components for this you need to redeploy them. https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq I…
Azure Firewall vs NSG rules
Hi all, I'm studying for the AZ-700 at present and making progress but came up with a query. If I have a rule in the NSG to block RDP connections and a rule in Azure Firewall to allow RDP - which takes priority? Kind regards Tom