Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
742 questions
1 answer
Template validation error of Palo Alto Firewall bicep resource, and how to troubleshoot further
Hi, We have a Palo Alto firewall running in Azure using that is deployed using IaC. Nothing has changed in the code, but somehow we started receiving template validation errors as of march 20, 2025 We're using the following bicep resource, Bicep…
asked 2025-04-14T10:46:24.2+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Lasse Hastrup
0
Reputation points
commented 2025-04-28T07:32:05.6766667+00:00
Lasse Hastrup
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Microsoft Azure External APIs Whitelisting Concern in Azure Firewall
We have set up Azure Landing Zone Subscriptions and deployed resources in UK South, with private endpoints in Canada Central and US regions for global distribution. All regional VNets are peered. Since the resources are located in UK South, we have…
asked 2025-04-23T04:53:30.7766667+00:00
Rajoli Hari Krishna
761
Reputation points
accepted 2025-04-24T04:06:33.5233333+00:00
Rajoli Hari Krishna
761
Reputation points
1 answer
One of the answers was accepted by the question author.
Firewall creation is failing
Firewall creation is failing. but when I see in Resource group is there and firewall is also there. Please see below screenshot but after deployment I am seeing following error now should I understand Firewall is created or not? if not please suggest…
asked 2025-04-13T04:56:27.9933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 37%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Varma
1,495
Reputation points
edited an answer 2025-04-22T11:45:13.9666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sai Prasanna Sinde
5,240
Reputation points Microsoft External Staff
4 answers
One of the answers was accepted by the question author.
What is https://aka.ms/. Why is this firewalled?
Is https://aka.ms safe? I can't access anything from Microsoft anymore because https://aka.ms/ is blocked behind my company firewall. What is https://aka.ms/? Why did Microsoft start putting all MSDN downloads here? VS 2022 is here. Why?
asked 2022-01-03T22:27:35.55+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 42%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
flagrant99
21
Reputation points
edited the question 2025-04-18T19:11:05.1166667+00:00
Olga_Gh
0
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Why can my application gateway not connect to web app if the application gateway subnet is allowed in web app access restriction?
Hello, I have an application gateway that has an app service as a backend pool. Everything works fine when the app service allows anything to access it (I can access web app from app gateway). However, when I allow the application gateway subnet to the…
asked 2023-04-07T14:32:02.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 32%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
Majtenyi, Otto
20
Reputation points
commented 2025-04-16T20:45:28.4333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 13%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
cloudseeker
0
Reputation points
1 answer
One of the answers was accepted by the question author.
AZURE FIREWALL - ROUTE
Hello. Please, I would like to better understand the current scenario I am working on. I have a VM that needs external access via public IP, which will also be a domain, this VM hosts a public website. My question: I have another Fortigate Firewall VM,…
asked 2024-08-19T11:32:02.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 8%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Gabriel Moraes
370
Reputation points
commented 2025-04-16T14:51:45.5433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 43%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
ShawnO
25
Reputation points
1 answer
One of the answers was accepted by the question author.
Why does Azure Firewall DNAT rules does not allow creating a rule without port translation?
I am working on an application architecture which requires 150 Public IPs in Azure firewall to support 150 enterprise customers. Each customer will be assigned with Its own Public IP on Azure firewall to access the application. Traffic will be allowed on…
asked 2025-02-23T20:43:15.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 51%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
Rahul Bhatia
20
Reputation points Microsoft Employee
commented 2025-04-15T14:42:09.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 10%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
Florian LACOMMARE
0
Reputation points
3 answers
VNET encryption and Azure Firewall
Hello everyone, I have a question. We have set up VNET encryption on all our VNET. We have set up Azure firewall to allow only the necessary flows between the different VNET. But I have seen on the page "What is Azure Virtual Network…
asked 2025-04-11T07:39:28.6366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 91%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
JeanSebastien NAHON
0
Reputation points
answered 2025-04-11T08:57:30.36+00:00
Luis Arias
8,516
Reputation points
1 answer
Azure Firewall VNet Not Appearing in Route Table Association
When configuring an Azure Firewall, the VNet does not appear in the dropdown to associate it with the route table. The VNet has been confirmed to be in the same region. What steps can be taken to resolve this issue?
asked 2025-04-10T18:56:19.9533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 98%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Dodd, Angie
0
Reputation points
answered 2025-04-10T19:49:04.38+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 15%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Praveen Bandaru
2,665
Reputation points Microsoft External Staff
1 answer
One of the answers was accepted by the question author.
What is the difference between using private endpoints and blocking public access of storage account when compared to allowing traffic only from specified vnets in firewall settings?
I wanted to understand how traffic travels when specific vnets are allowed in firewall settings as in private endpoint configuration it travels through Microsoft back bone network.
asked 2025-04-04T05:51:27.55+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 39%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Pranay Bugga
20
Reputation points
accepted 2025-04-05T02:20:33.7933333+00:00
Pranay Bugga
20
Reputation points
0 answers
Best Practices for Backing Up Azure Network Infrastructure Configuration
What are the best practices for backing up Azure Network Infrastructure configurations, such as vFirewall Policies and vSecuredHub/vWAN?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 3%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Azure Firewall Standard to Premium Subscription
Hi MS Experts, I plan do upgrade from Standard to Premium Subscription due to IDPS feature. Will there be a production impact? Regards,
asked 2025-03-25T08:30:24.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 23%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Val Lim (PH)
20
Reputation points
accepted 2025-04-01T13:45:38.4666667+00:00
Val Lim (PH)
20
Reputation points
1 answer
Always get an InternalServerError when I create a firewall to protect my vnet.
I have a fairly simple virtual network. Web subnet (three web apps), and a private endpoints subnet (MySql, two Redis instances, blob storage account), plus the autogenerated ones: default, AzureFirewallSubnet, and AzureFirewallManagementSubnet (all…
asked 2025-03-31T20:36:16.5366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 27%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Stephanie Valentine
0
Reputation points
edited an answer 2025-04-01T01:15:53.9166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 36%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
G Sree Vidya
750
Reputation points Microsoft External Staff
1 answer
Azure Firewall active instances
Hello, I've an Azure Fw Standard SKU, I know that can scale up to 20 instances. I would like to know if I can monitor the active instances Thanks
asked 2025-03-24T09:50:13.0833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 55.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Christian80
0
Reputation points
commented 2025-03-31T14:19:53.63+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati
5,440
Reputation points Microsoft External Staff
0 answers
Logged Traffic in Azure Firewall does not match Source and Destination defined in Rules
When checking the Logs of our Azure Firewall in Premium SKU I noticed very strange behavior. The source AND destination for allowed traffic do not match the defined rule that allegedly allowed the traffic. Example: I defined a rule like this: NameSource…
asked 2024-11-19T15:34:02.0066667+00:00
Lukas Lohrsträter
25
Reputation points
commented 2025-03-31T12:24:38.4133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 0%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENC%3C/text%3E%3C/svg%3E)
Nassim Cherifi
0
Reputation points
0 answers
Unexpected Behavior with Azure Firewall Draft Rules – Existing Rule Collections Deleted
Hi Everyone, I recently started using the new Draft mode feature in Azure Firewall for staging access rules. However, I’ve encountered an unexpected issue and wanted to check if others have experienced the same. Steps to Reproduce: Enable Draft mode in…
asked 2025-03-12T04:05:44.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 71%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Aleksandr
0
Reputation points
commented 2025-03-31T10:19:29.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 96%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
Andrew Williamson
60
Reputation points
1 answer
our Azure firewall billing is too high without of any much use
our Azure firewall billing is too high without of any much use, pls help in understanding the uses and billing or any support no. or email id
asked 2025-03-25T13:49:40.1533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 44%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Deepak Kumar
0
Reputation points
commented 2025-03-27T18:34:57.2033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota
4,010
Reputation points Microsoft External Staff
2 answers
One of the answers was accepted by the question author.
Azure Firewall Application rule not working
Hi, I have Azure firewall with premium sku. I have created rule collection group GRP1 (priority 500) contains DNAT rule ( priority 400,410) and network rule ( priority 1000 to 65000). Now I have requirement to allow only 3 urls (not any other URLS) …
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 43%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
1 answer
Azure Portal - Add DNAT firewall rule error
"Cannot read properties of undefined (reading 'toLowerCase')" Get the above error when clicking 'Add rule' in the DNAT rules blade under our Firewall policy.
asked 2025-03-11T17:13:22.36+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 78%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Lord Saradomin
0
Reputation points
edited an answer 2025-03-17T16:52:08.5766667+00:00
Rohith Vinnakota
4,010
Reputation points Microsoft External Staff
3 answers
One of the answers was accepted by the question author.
How to configure Application Gateway before Azure Firewall to App Services
Dear Microsoft community, I have an application gateway setup with WAF with app services as the backend pool targets. I have also setup access restrictions in the app service networking to only allow traffic through application gateway. Till here…
asked 2023-04-13T09:46:01.1133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 57.99999999999999%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Martin Garrix
30
Reputation points
answered 2025-03-17T08:17:14.52+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 17%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AzurePro
60
Reputation points