How can I add a DNAT rule in Azure Firewall policy for incoming traffic to a specific IP address with a port range?
I'm trying to add a DNAT (Destination Network Address Translation) rule in Azure Firewall policy for incoming traffic to a specific IP address with a port range, but I'm encountering an issue where I can't add a port range, only single ports. If this is not…
Azure Firewall
What's the order of Firewall policies execution?
I have a hub and spoke setup in my tenant. There are 2 VMs, one in each spoke. I have Azure Firewall policies set up. All the traffic between the spokes is routed through the firewall. I have a firewall policy in place. 1 network rule which allows with…
Azure Firewall
Why would inbound/outbound HTTPS requests to a payment gateway (secure.clickpay.com.sa) timeout from our Azure VM but work from local devices, despite confirmed NSG and firewall rules allowing the traffic?
We’re experiencing a connection timeout whenever a client tries to complete a payment. When I run: curl -I https://secure.clickpay.com.sa from our server, there is no response—but the same command succeeds from my personal device or others. I’ve already…
Azure Firewall
How can one find Azure Firewall creation date please?
Hi, I'm trying to find the Azure Firewall creation date please. I failed to find it in the resource JSON view or by playing with the get-resource PS command and looking at the properties fields. Thanks
Azure Firewall
What is https://aka.ms/. Why is this firewalled?
Is https://aka.ms safe? I can't access anything from Microsoft anymore because https://aka.ms/ is blocked behind my company firewall. What is https://aka.ms/? Why did Microsoft start putting all MSDN downloads here? VS 2022 is here. Why?
Azure Firewall
Alternatives for IP groups while creating firewall policy rules.
I have a bunch of network and application rules in Azure Firewall Policy. While creating the groups I can either specify source and destination IP ranges or IP groups. I am implementing the Hub and spoke architecture in my tenant which means I will…
Azure Firewall
Azure Firewall - URL matching
Does www.contoso.com in targetUrl match www.contoso.com/?siteId=asd343s32kj343dce ? Documentation mentions that it should match below examples www.contoso.com www.contoso.com/ The doc also mentions that www.contoso.com/test should match…
Azure Firewall
Azure Firewall - RuleCollection with no rules
What happens if a rule collection (network, NAT, or application) is defined but contains no rules? Will the configured action (e.g., Allow or Deny) still be applied? Does it effectively act as an implicit "Allow All" or "Deny…
Azure Firewall
Azure Firewall DNS Proxy Failing to Resolve SCM Records in Private DNS Zones
I have a hub-and-spoke architecture in Azure where I'm using Azure Firewall in the hub as a DNS proxy. I have multiple private DNS zones configured in the hub and have established VNet links to my spoke networks. I've also added A records for my function…
Azure DNS
Azure Firewall
Azure Virtual Network
Azure Private Link
Enforcing All Traffic Through Azure Firewall with Site-to-Site VPN Between Azure Tenants – Asymmetric Routing and RDP Failure
Problem Statement Scenario: We have two Azure tenants (Tenant1 and Tenant2) connected via Site-to-Site VPN. In Tenant1, we have deployed Azure Firewall in a hub virtual network. All traffic must be forced through Azure Firewall for inspection, including…
Azure Firewall
Azure Firewall - SNAT
When a DNAT rule is matched in Azure Firewall, is source NAT (SNAT) always applied — regardless of the SNAT configuration defined in Azure Firewall SNAT behavior for private IP ranges? Does Azure Firewall always apply SNAT when the destination is a…
Azure Firewall
ExpressRoute private peering - site-to-site VPN overlay
I have an upcoming task: Design and configure a site-to-site VPN over an ExpressRoute circuit private peering, and have some questions around routing. This has been driven by regulation that enforces encryption of PII data in transit. The…
Azure Firewall
Info about custom routing and UDRs with Azure Firewall and VPN gateway transit in a hub & spoke model
Hi everyone, I have configured an architecture in my lab as follows: From the left in the hub network I deployed an Azure Firewall because all traffic must go through. The hub network on the right is on another Subscription, specifically…
Azure Virtual WAN
Azure VPN Gateway
Azure Firewall
Azure Virtual Network
Azure Network Watcher
Not able to ping VM to VM in hub-spoke with Azure Firewall
I have set up a hub and 2 spokes using Azure Firewall to route traffic from spoke to spoke. I have set a correct route to allow all to all; this is the only firewall rule I have. In both subnets I have set a default route rule to the Azure Firewall IP. There are no…
Azure Firewall
Azure
Logged Traffic in Azure Firewall does not match Source and Destination defined in Rules
When checking the Logs of our Azure Firewall in Premium SKU I noticed very strange behavior. The source AND destination for allowed traffic do not match the defined rule that allegedly allowed the traffic. Example: I defined a rule like this: NameSource…
Azure Firewall
Azure Firewall - public IP as nexthop
Documentation says that Application rules aren't applied for inbound connections. So, if you want to filter inbound HTTP/S traffic, you should use Web Application Firewall (WAF) So my understanding is that when FW receives something on public IP,…
Azure Firewall
Azure Firewall Outbound
Documentation keeps mentioning that app rules are applied only to outbound traffic. Same applies to network rules where dst is fqdn. They are only applied to outbound traffic - traffic leaving from VNET. Can someone please explain that little more? What…
Azure Firewall
Azure Firewall - force tunneling
Why does the documentation say that in order to enable force tunneling I must create an Azure Firewall with the Firewall Management NIC enabled? Can I not do that without a management subnet/NIC? What happens if I create a UDR for the FW subnet to forward some…
Azure Firewall
Clarification on Public IP Addresses and DNAT Rules in Azure Firewall
Documentation mentions that the number of public IP addresses attached to a Firewall and the unique destinations in DNAT rules both contribute to the total limit of 250 public IP addresses. I have confusion regarding how DNAT rules operate. Does the…
Azure Firewall
Unable to ping VM to VM with traffic routed through the Firewall.
I have 2 spokes and a hub. The route tables in the spokes are configured to route the traffic through the firewall (0.0.0.0/0). I have VMs in both spokes and I want to ping one from the other. This is not successful. I have allowed all protocol…