Combining Azure Firewall and Flow Log analysis

As you might already know, there are a couple of ways of filtering traffic in Azure Virtual Networks: Network Security Groups (NSGs) and Azure Firewall. NSGs offer unlimited performance for Layer 4 filtering, while Azure Firewall is more powerful with features like deep packet inspection or application-level intelligence. However, even if these solutions follow a … Continue reading Combining Azure Firewall and Flow Log analysis

Pimp your serial console with tmux

I have a short one for today, which I just found out with a colleague when troubleshooting Kubernetes: we only had connectivity to a VM over the console, but we needed to execute two commands at the same time: generate some traffic on one side, and have some tcpdump running on the other. First of … Continue reading Pimp your serial console with tmux

Azure Bastion routing in Virtual WAN

As you might know, Azure Bastion enables management connectivity to virtual machines without having to assign them public IP addresses, and without having to maintain jump hosts in your Virtual Network. Up to recently, the virtual machines needed to be immediately peered to the VNet where Azure Bastion was deployed, but with IP-based connections Azure … Continue reading Azure Bastion routing in Virtual WAN

Importing Palo Alto policies to Azure Firewall

I recently had a project where we had the chance to convert a Palo Alto ruleset to an Azure Firewall Policy. I had recently created a script to generate a Firewall Policy for Microsoft 365 endpoints, so the challenge was using that work as a basis to generate an Azure Firewall Policy out of the … Continue reading Importing Palo Alto policies to Azure Firewall

Accessing AKS private clusters with Azure Bastion and VS Code

Do you use AKS private clusters? Do you hate jump hosts? If the answer to both questions is “yes”, this blog post might be interesting for you. Let’s set things straight: it is not that I “hate” jump hosts, it is more that I “love” the way I have setup my PC’s environment: I like … Continue reading Accessing AKS private clusters with Azure Bastion and VS Code

Azure Virtual WAN Hub Routing Preference

You probably know Azure Virtual WAN: it is an Azure service that provides any-to-any connectivity across regions out of the box, or a “global transit network architecture”, as they describe here: Essentially Virtual WAN is a set of Microsoft-managed virtual hubs peered to each other, where you would connect your VNets and/or branches (ExpressRoute, Site-to-Site … Continue reading Azure Virtual WAN Hub Routing Preference

Azure VMware Solution networking voodoo

One of the most common and yet complex networking designs in Azure is interconnecting Azure IaaS workloads deployed in a Virtual Network, vSphere virtual machines in an Azure VMware Solution private cloud, and on-premises networks. My esteemed colleague Robin Heringa kindly gave me access to an AVS cluster, so armed with the fantastic possibilities that … Continue reading Azure VMware Solution networking voodoo

Azure Firewall rules for Office 365

This post is going to be a bit different than the rest, because I have no complex network designs with many boxes and IP addresses. Instead, I have been confronted with a different challenge: how can you configure Azure Firewall to allow traffic to Office 365 endpoints? Why would you want to do that? There … Continue reading Azure Firewall rules for Office 365

Azure Firewall’s sidekick to join the BGP superheroes

Azure Firewall is a fantastic product: oversimplifying, an architecture that scales out great, provides traffic forwarding and security in Azure, and is very easy to integrate in a network. Some times you need to manipulate the default routing of Azure VNets, and Azure Route Server offers an invaluable tool for that. However, Azure Route Server … Continue reading Azure Firewall’s sidekick to join the BGP superheroes

AAD Application Proxy: Where is my WAF?

You might have read my previous intro post to the AAD Application Proxy, where I went over a quick intro to this service and a comparison with other reverse proxies available in the Azure portfolio. I finished that post with a very generic diagram describing how to combine multiple proxies to get different capabilities, for … Continue reading AAD Application Proxy: Where is my WAF?